Linux – Block linux bridge traffic (only one way) using iptables or ebtables

Tags: bridge, ebtables, iptables, linux, networking

I am using an OpenWrt router. It has a bridge, br-lan, and wlan0 and wlan1 are connected to this bridge. eth0 acts as the WAN interface. When a packet comes from wlan0 or wlan1 it goes through the bridge, gets NATed and goes out through eth0 to the internet, and the reply comes from eth0, gets NATed again and goes to br-lan and then out via wlan0 or wlan1 depending on where the original packet came from.

wlan0/wlan1 -> br-lan -> NAT -> eth0 -> internet

internet -> unNAT -> br-lan -> wlan0/wlan1

Now I have an application listening on the br-lan interface through a raw socket, and I want to do some processing on the packets going from br-lan to wlan0/wlan1. Thus I want to stop/block all packets from br-lan to wlan0/wlan1, as I will be forwarding them to wlan0/wlan1 myself in my application. How do I do that using iptables or ebtables?

I have tried some rules like the ones below, but they do not work and all traffic is flowing normally:

ebtables -I FORWARD -i br-lan -o wlan1 -j DROP
ebtables -I OUTPUT -o br-lan -j DROP
iptables -I FORWARD -i br-lan -o wlan1 -j DROP
iptables -I OUTPUT -o br-lan -j DROP

Best Answer

So I took a look at this page, and most everything they did with dropping packets involved chains. So I'm wondering if you tried making a chain first? E.g.:

iptables -N zone_wan_block
iptables -I FORWARD -i br-lan -o wlan1 -j zone_wan_block
iptables -A zone_wan_block -j DROP

(I would comment about this instead, as I am inexperienced in this myself (and don't have the time to test this), but I don't have enough rep...)

Also, use OUTPUT if needed.

Hope this helps, but again, I'm inexperienced. Have a good day!
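As an added example (not part of the question or the answer above), a small POSIX shell generator for ebtables rules that drop frames the router's own IP stack sends onto the bridge's member ports. It relies on two facts about the setup in the question: a raw socket bound to br-lan taps frames before the bridge's OUTPUT hook runs, so the application still sees everything it drops, and in ebtables the bridge itself is only matched with --logical-in/--logical-out while -i/-o name the member ports (wlan0, wlan1). The sysfs root is a parameter so the generator can be exercised without a real bridge; the chain name blk_bridge_out is made up.

```shell
#!/bin/sh
# Added example, not from the question or the answer: generate (and optionally
# apply) ebtables rules that drop every frame the router's IP stack emits onto
# the ports of a bridge, so a raw-socket forwarder on the bridge can re-inject
# them itself. Assumed: sysfs layout /sys/class/net/<bridge>/brif/<port>.
set -eu

# List the member ports of a bridge from sysfs. An empty bridge yields nothing.
bridge_ports() {
    sysfs_root=$1; bridge=$2
    for p in "$sysfs_root/class/net/$bridge/brif"/*; do
        [ -e "$p" ] && basename "$p"
    done
}

# Print the rules without applying them. In the ebtables OUTPUT chain, -o is
# the physical port the frame leaves on and --logical-out is the bridge; a rule
# written with "-o br-lan" therefore never matches. ARP is let through so
# clients can still resolve the router, which a forwarder that only handles IP
# would otherwise break; drop that line to block literally every frame.
gen_rules() {
    sysfs_root=$1; bridge=$2; chain=${3:-blk_bridge_out}
    echo "ebtables -N $chain"
    echo "ebtables -A $chain -p ARP -j RETURN"
    echo "ebtables -A $chain -j DROP"
    for port in $(bridge_ports "$sysfs_root" "$bridge"); do
        echo "ebtables -I OUTPUT --logical-out $bridge -o $port -j $chain"
    done
}

# Apply the generated rules; needs root and the ebtables binary. Once applied,
# clients lose connectivity unless the userspace forwarder is already running.
apply_rules() {
    gen_rules "$@" | while read -r cmd; do $cmd; done
}

# Usage: ./script.sh [--apply] [bridge]   (default: print rules for br-lan)
if [ "${1:-}" = "--apply" ]; then
    apply_rules /sys "${2:-br-lan}"
else
    gen_rules /sys "${1:-br-lan}"
fi
```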