At home I have Tomato USB installed on my Asus RT-N16. I want to block all traffic from one host, let's say 192.168.0.100, to another host, 192.168.0.200. Both hosts are inside the local LAN network.

How do I do that with iptables?

I've tried

iptables -I INPUT -i br0 -o br0 -d 192.168.0.200 -s 192.168.0.100 -j DROP

but it's not working.

Troydm

1 Answer

2

Both hosts would appear to be in the same subnet in your example (as I'm assuming a /24 subnet). Without using a layer 2 filtering mechanism (like ebtables) you're not going to be able to filter that traffic.

Hosts in the same subnet communicate with each other at layer 2 without needing a router to facilitate the communication. Because the router isn't involved, your iptables rules aren't going to affect the traffic.

Evan Anderson
  • Are you sure about this answer? – Alex Gordon Jul 27 '11 at 16:22
  • If those hosts are in the same subnet, they won't be using the routing functions of the Linux instance running on the router to communicate with each other. They might be talking through the bridging code in Linux, but the rule in the post won't do anything to bridged traffic. – Evan Anderson Jul 27 '11 at 17:20
  • During my experiments I've managed to block traffic using iptables -t mangle -I POSTROUTING -d 192.168.0.200 -j DROP, but it blocks all traffic to this host, even if I specify -s 192.168.0.100, so it's not working for a specific host. – Troydm Jul 28 '11 at 06:27
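The layer 2 approach the answer points at, as an added example that is not part of the question or the answer: ebtables rules in the bridge FORWARD chain drop frames switched between the two hosts, in both directions, which is where bridged LAN traffic actually passes. It assumes the LAN bridge is br0 and that the router has an ebtables binary with matching kernel support; the host addresses are the ones from the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: isolate two hosts
# that share the router's LAN bridge with ebtables, which filters at layer 2
# where bridged frames are switched, instead of iptables, which only sees
# traffic the router routes. Assumptions: the LAN bridge is br0 and the
# router has an ebtables binary with the matching kernel support.
BRIDGE="${BRIDGE:-br0}"
HOST_A="${HOST_A:-192.168.0.100}"   # addresses from the question
HOST_B="${HOST_B:-192.168.0.200}"

# Print the ebtables commands that isolate hosts $2 and $3 on bridge $1.
# FORWARD holds frames switched between bridge ports; matching on IPv4
# source and destination limits the drop to traffic between the pair, in
# both directions. ARP between them is dropped too, so neither host can
# even learn the other's MAC address.
lan_block_rules() {
    br=$1; a=$2; b=$3
    for pair in "$a $b" "$b $a"; do
        set -- $pair
        printf 'ebtables -A FORWARD --logical-in %s -p IPv4 --ip-src %s --ip-dst %s -j DROP\n' "$br" "$1" "$2"
        printf 'ebtables -A FORWARD --logical-in %s -p ARP --arp-ip-src %s --arp-ip-dst %s -j DROP\n' "$br" "$1" "$2"
    done
}

# Number of rules generated for a pair; a quick sanity check before applying.
lan_block_rule_count() {
    lan_block_rules "$@" | wc -l | tr -d ' '
}

# Apply the rules (needs root on the router) and then list the chain with
# per-rule frame counters: after a ping from HOST_A to HOST_B the counters
# on the A->B rules should rise while the ping gets no reply.
apply_rules() {
    lan_block_rules "$BRIDGE" "$HOST_A" "$HOST_B" | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done || return 1
    ebtables -L FORWARD --Lc
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it as `sh isolate.sh apply` on the router; without the argument it only defines the functions. The caveat that goes with the answer: these rules only see frames that cross the bridge inside the router (for instance wired to wireless), so two hosts on the same hardware switch ports or on an external switch exchange frames that never reach the router's CPU, and no rule on the router, ebtables or iptables, can filter them.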