It works, I've checked it!
You should edit /etc/sysctl.conf:
net.bridge.bridge-nf-call-iptables=1
restart it:
sysctl -p
and after that the rule works for LAN-to-LAN traffic:
iptables -I FORWARD -d 192.168.1.10 -j REJECT
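The post relies on a detail that is easy to miss: a FORWARD rule only sees bridged LAN-to-LAN frames once net.bridge.bridge-nf-call-iptables is 1, and that sysctl key only exists after the br_netfilter module is loaded (on older kernels it is built into the bridge module), so `sysctl -p` can fail with "No such file or directory" and the REJECT rule then silently matches nothing. The check script below is an added example, not the poster's code. It verifies all three conditions (module loaded, live sysctl value, setting persisted in /etc/sysctl.conf). The file paths default to the standard kernel and sysctl locations and can be overridden with an argument so the checks can be exercised against constructed sample files.

```shell
#!/bin/sh
# Added example: confirm that bridged traffic is actually handed to iptables,
# which the FORWARD REJECT rule in the post depends on.
# Each check takes an optional file path; defaults are the live system paths.

PROC_PATH_DEFAULT="/proc/sys/net/bridge/bridge-nf-call-iptables"
MODULES_PATH_DEFAULT="/proc/modules"
CONF_PATH_DEFAULT="/etc/sysctl.conf"
SYSCTL_KEY="net.bridge.bridge-nf-call-iptables"

# br_netfilter_loaded [FILE]: 0 if br_netfilter is listed in FILE
# (/proc/modules format: the first field of each line is the module name).
br_netfilter_loaded() {
    modules="${1:-$MODULES_PATH_DEFAULT}"
    [ -r "$modules" ] || return 1
    awk '$1 == "br_netfilter" { found = 1 } END { exit !found }' "$modules"
}

# bridge_nf_enabled [FILE]: 0 if the live sysctl reads 1, 1 if it reads 0,
# 2 if the file is missing (key not present until br_netfilter is loaded).
bridge_nf_enabled() {
    proc="${1:-$PROC_PATH_DEFAULT}"
    [ -r "$proc" ] || return 2
    [ "$(tr -d '[:space:]' < "$proc")" = "1" ]
}

# conf_sets_bridge_nf [FILE]: 0 if FILE has an uncommented line setting the
# key to 1. Whitespace around '=' is tolerated, as sysctl(8) itself does.
conf_sets_bridge_nf() {
    conf="${1:-$CONF_PATH_DEFAULT}"
    [ -r "$conf" ] || return 1
    grep -Eq "^[[:space:]]*net\.bridge\.bridge-nf-call-iptables[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$conf"
}

# report: print one line per check; returns 0 only if the FORWARD chain will
# see bridged frames right now (module loaded and sysctl = 1).
report() {
    status=0
    if br_netfilter_loaded; then
        echo "ok   br_netfilter module loaded"
    else
        echo "FAIL br_netfilter not loaded (modprobe br_netfilter first; the sysctl key does not exist without it)"
        status=1
    fi
    rc=0; bridge_nf_enabled || rc=$?
    case $rc in
        0) echo "ok   $SYSCTL_KEY = 1 (bridged frames traverse iptables FORWARD)" ;;
        1) echo "FAIL $SYSCTL_KEY = 0 (bridged LAN-to-LAN traffic bypasses iptables)"; status=1 ;;
        *) echo "FAIL $SYSCTL_KEY missing from /proc/sys"; status=1 ;;
    esac
    if conf_sets_bridge_nf; then
        echo "ok   setting persisted in $CONF_PATH_DEFAULT"
    else
        echo "WARN setting not persisted in $CONF_PATH_DEFAULT (will not survive a reboot)"
    fi
    return $status
}

# Usage: sh brnf-check.sh check
case "${1:-}" in
    check) report ;;
esac
```

Run it with `check` as the argument after applying the post's steps; all three lines should read "ok" before the FORWARD rule is expected to have any effect on bridged traffic.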