From fc435e77881516f738f29e441b9a1a8abe8d3fee Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Mon, 30 Sep 2013 17:38:04 +0200
Subject: [PATCH] gluon-next-node: add ebtables to filter IP packets with the next-node address
---
 .../generate/lib/gluon/ebtables/250-next-node | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node b/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
index 3c4cb49..f6fa7d1 100644
--- a/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
+++ b/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
@@ -2,3 +2,13 @@ rule FORWARD --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
 rule OUTPUT --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
 rule FORWARD --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
 rule OUTPUT --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
+
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
+
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
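Review bot: All eight added rules match only egress (`--logical-out br-freifunk -o bat0`), so the next-node address stays off the mesh only while every other node applies the same filter. Nothing in this file drops a frame that arrives from bat0 with the next-node address as its IP source. As defence in depth against a misconfigured or non-conforming peer, consider ingress counterparts such as `rule FORWARD --logical-in br-freifunk -i bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP`, plus the matching INPUT and IPv6 (`--ip6-source @next_node.ip6@`) rules, unless another file under lib/gluon/ebtables already covers that direction. Separately, `-p IPv4` does not match ARP, so requests for @next_node.ip4@ sent from a client MAC presumably still cross bat0; a `-p ARP --arp-ip-dst @next_node.ip4@` rule would close that gap if it is unintended. A short comment above each new group, e.g. `# keep next-node IPv4 traffic local to this node`, would also help, as the file currently has none.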