Topic: packet filtering with bridged interfaces
I use a bridge interface br-lan to unite eth0.2 and wlan0 to one domain. We also have a dmz on eth0.3. Now I'd like to only grant ssh-access from wired connections.
What is the most adept way to achieve this?
iptables -A INPUT -i wlan0 -p tcp --dport 22 -j DROP ?
or rather something with
iptables -A FORWARD -m physdev --physdev-in eth0.2 --physdev-out eth0.3 -p tcp --dport 22 -d 192.168.0.16 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged -m state --state ESTABLISHED,RELATED -j ACCEPT
In which opkg-package is physdev located?
Would it bring advantages to use a table other than filter?