Jar jar
Mon Aug 9 06:52:14 PDT 2004

> On Sun, Aug 08, 2004 at 02:15:16PM -0700, nondito wrote:
>> Is ther any way I can let the clients to communicate
>> with each other but block some ports using iptables?
>> This ap_bridge_packets are imposing two different
>> situations on two extremes. If set to 1, they can
>> communicate unconditionally and no restriction can be
>> imposed. If set to 0, they can't communicate at all.
> This would require that ap_bridge_packets=0 and Linux bridge code would
> be used to bridge packets back to the same interface. The default kernel
> does not support this, but I have seen couple of patch files that claim
> to enable this kind of mode. After this, ebtables could be used to
> filter packets between the associated stations.
> In other words, this is likely to require some work and kernel changes.
> I have not tested this myself and I don't know whether there are any
> good step-by-step instructions on this kind of change.

But how about 2.6.x kernels and iptables. There is now physdev module for
firewalling between bridge (in/out) ports.

Best Regards, Jar

