Topic: Wlan traffic seems to bypass iptables
I have a bridge device with the wifi and wan device in it. What I want is to prevent arp poisoning/spoofing between the wifi clients or do a man in the middle attack towards the gateway, but still allow client-client communication.
I'm trying to filter traffic between two wifi clients in managed mode. When I do tcpdump on the wlan0 device I see all the traffic, but it seems that it's not going through iptables. Do I need ebtables to manipulate the bridging decision or is it more like a monitor port and the traffic never really leaves the device and I can only watch it.
What I tried than was to acitvate the isolation mode but still than it seems the traffic going through the bridge device isn"t going through iptables. Again would ebtables help here?
Is there another option to fulfill the attempt to prevent arp attacks or shall I try to route the traffic back on the gateway to get client-client communication working?