how to filter bridge interface packets with single iptables rule?

af flag

I want to filter br1 interface in/out packets that have a specific tcp port number.

Given a setup with eth0 and eth1 in a bridge br1:

    |          |        
   eth0       eth1      
    | == br1== |   

In this scenario, I want TCP port 80 traffic to be filtered and routed to nfqueue-num-0 if it is going from the network attached to eth0 to eth1, or from eth1 to eth0. I want to do this with a single-line iptables command.

**Scenario-1** - My iptables rule:

    iptables -A FORWARD -m physdev --physdev-in eth0, eth1 -p tcp --match multiport --ports 80 -j NFQUEUE --queue-num 0

Then I want to modify the in/out packets at the same time with nfqueue and the scapy framework. Two different callback functions are required to perform these operations, but I can't run two callback functions at the same time. It has to be simultaneous for real-time packet manipulation to occur. Therefore, I want to write a single iptables rule which filters two-way network traffic.

So, the question is, how must I write an iptables rule for Scenario-1?
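The following is an added example, not code from the asker or from any answer on the page. It shows the shape of a single NFQUEUE callback that serves both directions of bridged port-80 traffic: it parses the raw IPv4/TCP bytes the queue hands over, decides from the port whether the packet is client-to-server or the reply, and dispatches to the matching handler. It also builds (but does not execute) one FORWARD rule that matches both directions. That rule assumes `br_netfilter` is loaded with `net.bridge.bridge-nf-call-iptables=1`, so bridged frames traverse FORWARD with `br1` as both in and out device; `-m physdev --physdev-in` takes only a single interface name, which is why the comma-separated form in the question does not work, while multiport's `--ports` matches the port as either source or destination. The interface name, port and sample packets are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


def build_rule(bridge: str, port: int, queue: int) -> List[str]:
    """One FORWARD rule covering both bridged directions (argv list, not run).

    Assumes br_netfilter is active so bridged traffic hits FORWARD with the
    bridge device as -i and -o; `--ports` matches source OR destination port,
    so requests to the port and replies from it are both queued.
    """
    return ["iptables", "-A", "FORWARD", "-i", bridge, "-o", bridge,
            "-p", "tcp", "-m", "multiport", "--ports", str(port),
            "-j", "NFQUEUE", "--queue-num", str(queue)]


@dataclass
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def parse_ipv4_tcp(raw: bytes) -> Optional[TcpPacket]:
    """Parse the IPv4 and TCP headers from raw packet bytes (as NFQUEUE delivers
    them). Returns None for anything that is not well-formed IPv4/TCP, so a
    callback never indexes past the buffer on truncated or foreign packets."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl + 20 or raw[9] != 6:   # 6 = TCP
        return None
    total_len = struct.unpack("!H", raw[2:4])[0]
    if total_len > len(raw) or total_len < ihl + 20:
        return None
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4                  # TCP header length
    if data_off < 20 or ihl + data_off > total_len:
        return None
    return TcpPacket(src, dst, sport, dport, raw[ihl + data_off:total_len])


def direction(pkt: TcpPacket, port: int) -> Optional[str]:
    """'to_server' when the packet heads for the filtered port, 'from_server'
    when it comes back from it, None if the rule should not have queued it."""
    if pkt.dport == port:
        return "to_server"
    if pkt.sport == port:
        return "from_server"
    return None


Handler = Callable[[TcpPacket], bytes]


def handle_queued(raw: bytes, port: int,
                  handlers: Dict[str, Handler]) -> Tuple[Optional[str], bytes]:
    """Single callback body for both directions: classify, run the matching
    handler, return (direction, payload). The handler returns the TCP payload
    it wants sent; rebuilding lengths and checksums for a real queue is left to
    scapy in the actual callback and is not done here."""
    pkt = parse_ipv4_tcp(raw)
    if pkt is None:
        return None, raw            # not IPv4/TCP: pass through untouched
    side = direction(pkt, port)
    if side is None:
        return None, raw            # unexpected port: pass through untouched
    return side, handlers[side](pkt)


def make_ipv4_tcp(src: str, dst: str, sport: int, dport: int,
                  payload: bytes) -> bytes:
    """Constructed test packet; checksums are left zero (the parser ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp


# Constructed sample traffic: a request, its reply, and an unrelated flow.
REQUEST = make_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, b"GET / HTTP/1.1\r\n")
REPLY = make_ipv4_tcp("10.0.0.80", "10.0.0.5", 80, 40000, b"HTTP/1.1 200 OK\r\n")
OTHER = make_ipv4_tcp("10.0.0.5", "10.0.0.80", 40001, 443, b"")


def demo() -> Dict[str, Tuple[Optional[str], bytes]]:
    """Run the one callback over all three packets; the direction-specific
    handlers here only tag the payload so the dispatch is visible."""
    handlers = {
        "to_server": lambda p: b"# client->server " + p.payload,
        "from_server": lambda p: b"# server->client " + p.payload,
    }
    return {name: handle_queued(raw, 80, handlers)
            for name, raw in (("request", REQUEST), ("reply", REPLY), ("other", OTHER))}


if __name__ == "__main__":
    print(" ".join(build_rule("br1", 80, 0)))
    for name, (side, payload) in demo().items():
        print(f"{name:8s} {side!s:12s} {payload!r}")
```

Because the single rule queues both directions, the two operations the question describes become two branches of one callback rather than two competing callbacks; the queue delivers packets serially, so the handlers never run concurrently and there is nothing to synchronise. The `-m physdev --physdev-is-bridged` match is an equivalent single-rule alternative to `-i br1 -o br1` when you prefer to key on the bridge property rather than the device name.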
