
I am using an OpenWrt router. It has a bridge br-lan, and wlan0 and wlan1 are connected to this bridge. eth0 acts as the WAN interface. When a packet comes from wlan0 or wlan1 it goes through the bridge, gets NATed and goes out through eth0 to the internet; the reply comes in on eth0, gets NATed again and goes to br-lan and then out via wlan0 or wlan1, depending on where the original packet came from.

wlan0/wlan1 --> br-lan --> NAT --> eth0 --> internet

internet --> unNAT --> br-lan --> wlan0/wlan1

Now I have an application listening on the br-lan interface through a raw socket, and I want to do some processing on the packets going from br-lan to wlan0/wlan1. Thus I want to stop/block all packets from br-lan to wlan0/wlan1, as I will be forwarding them to wlan0/wlan1 myself in my application. How do I do that using iptables or ebtables?

I have tried some rules like the ones below, but they do not work and all traffic is flowing normally:

ebtables -I FORWARD -i br-lan -o wlan1 -j DROP
ebtables -I OUTPUT -o br-lan -j DROP
iptables -I FORWARD -i br-lan -o wlan1 -j DROP
iptables -I OUTPUT -o br-lan -j DROP

The Prenx
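An added example, not part of the question or of the answer below, showing how to drop these frames with ebtables. The rules in the question never match for two reasons: in ebtables, -i and -o name a bridge port (wlan0, wlan1), while the bridge itself (br-lan) is matched with --logical-in / --logical-out, so "-o br-lan" matches nothing; and iptables only ever sees br-lan as the interface of a routed packet, never wlan1, so "-i br-lan -o wlan1" cannot match either. A reply routed in from eth0 is handed to br-lan by the IP stack and then traverses the ebtables OUTPUT chain on its way to the port, which is where it can be dropped. The script below reads the bridge's ports from sysfs and prints or applies one OUTPUT rule per port. The interface names are the ones from the question; the function names and the SYSFS_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example for the question above (not the asker's or OpenWrt's code).
# Drops every frame that the bridge device br-lan hands to one of its wireless
# ports, using ebtables. Key point: -i/-o match the bridge *port* (wlan0,
# wlan1); the bridge itself (br-lan) is matched with --logical-in/--logical-out,
# so "-o br-lan" never matches. Routed traffic entering the LAN through br-lan
# traverses the ebtables OUTPUT chain, which is where it is dropped.
#
# SYSFS_ROOT is an assumption of this example: it lets the port lookup be
# pointed at a fake sysfs tree for testing; on the router the default applies.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# bridge_ports BRIDGE
# Print the interfaces enslaved to BRIDGE, one per line, read from
# /sys/class/net/BRIDGE/brif/ (each port appears there as a symlink).
# Fails if BRIDGE is not a bridge.
bridge_ports() {
    dir="$SYSFS_ROOT/class/net/$1/brif"
    [ -d "$dir" ] || return 1
    for p in "$dir"/*; do
        [ -e "$p" ] || continue      # empty bridge: the glob stays literal
        basename "$p"
    done
}

# ebt_rules ACTION BRIDGE [PORT...]
# Print one ebtables command per port. ACTION is -I to insert the rule or -D
# to delete it again. With no PORT arguments the ports are read from sysfs,
# so a wired LAN port enslaved to the same bridge would be included; pass the
# ports explicitly (e.g. wlan0 wlan1) to limit the drop to the wireless side.
ebt_rules() {
    action="$1"; br="$2"; shift 2
    if [ $# -eq 0 ]; then
        ports=$(bridge_ports "$br") || return 1
        set -- $ports
    fi
    for port in "$@"; do
        echo "ebtables -t filter $action OUTPUT --logical-out $br -o $port -j DROP"
    done
}

# apply_rules ACTION BRIDGE [PORT...]
# Run the generated commands (root required). Stops at the first failure.
apply_rules() {
    cmds=$(ebt_rules "$@") || return 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        $cmd || exit 1
    done
}

# Usage on the router:   ./ebt-drop.sh -I br-lan wlan0 wlan1
# Undo:                  ./ebt-drop.sh -D br-lan wlan0 wlan1
if [ $# -ge 2 ]; then
    apply_rules "$@"
fi
```

Check that the rules are actually hit with `ebtables -t filter -L OUTPUT --Lc`: the per-rule counters should climb while a wireless client tries to download something. The raw socket on br-lan still sees each frame, because the packet tap on br-lan fires when the IP stack transmits on br-lan, before the bridge code runs its OUTPUT hook and picks the port. Dropping the traffic with `iptables -I FORWARD -i eth0 -o br-lan -j DROP` would also stop it, but in the routing path before the frame ever reaches br-lan, so the raw socket would see nothing. Frames that the bridge forwards directly between the two wireless ports traverse the ebtables FORWARD chain instead, matched as `-i wlan0 -o wlan1`, and do not take the path above. If you need to do this from iptables rather than ebtables, the port is matched with `-m physdev --physdev-out wlan1`, which requires the br_netfilter module so that bridged frames pass through iptables at all.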

1 Answer


So I took a look at this page, and most everything they did with dropping packets involved chains. So I'm wondering if you tried making a chain first? E.g.:

iptables -N zone_wan_block
iptables -I FORWARD -i br-lan -o wlan1 -j zone_wan_block
iptables -A zone_wan_block -j DROP

(I would comment about this instead, as I am inexperienced in this myself (and don't have the time to test this), but I don't have enough rep...)

Also, use OUTPUT if needed.

Hope this helps, but again, I'm inexperienced. Have a good day!

Asher
  • I tried this but it didn't work. I also tried using OUTPUT and a few other combinations, but it's still not working; the traffic is flowing normally. But thanks for your attempt. – The Prenx Apr 06 '17 at 15:29
  • Sure thing, hope you're able to find a solution – Asher Apr 06 '17 at 21:31