I tried to filter any packet with a specific MAC coming to eth0. The commands below were used (ebtables and iptables) but did not work. Can anyone please give some advice?
I used ebtables because I used a bridge containing veth0, eth0, and eth1. The packets were sent from eth0 and are terminated on the eth0 of another node in the network.
I needed to use the destination address because the destination MAC addresses are the same, so I know which packets are to be terminated on eth0.
a. SELECT * FROM (SELECT * FROM table WHERE user_id = 100 ORDER BY object_id, id DESC) adr_table GROUP BY object_id
b. ebtables -A INPUT -i eth0 -d 11:22:33:44:55:66 -j DROP
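Answer 0 (score: 0)
The ebtables and iptables INPUT chains only operate on packets destined for the local machine, not on packets that are being forwarded (at layer 2 or layer 3).
Moving from the INPUT chain to the PREROUTING chain (especially in ebtables) may solve your problem.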
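
The chain selection described in the answer above, as an added example that is not part of the original question or answer. BRIDGE_MAC and the function names are assumptions made for illustration; the interface and destination MAC are the ones from the question. The script only prints the rule unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example: choose the ebtables hook that actually sees a frame arriving
# on a bridge port, then build the matching DROP rule.

BRIDGE_MAC="02:00:00:00:00:01"   # constructed value: MAC of the local bridge device

# Lowercase a MAC address so comparisons are case-insensitive.
norm_mac() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# Which filter-table chain handles a unicast frame received on a bridge port?
#   destination == the bridge's own MAC -> INPUT   (delivered to the local host)
#   any other unicast destination       -> FORWARD (bridged to another port)
# A rule in INPUT therefore never matches frames that are only bridged through.
filter_chain_for() {
    if [ "$(norm_mac "$1")" = "$(norm_mac "$BRIDGE_MAC")" ]; then
        echo INPUT
    else
        echo FORWARD
    fi
}

# Build a DROP rule for frames entering on $1 with destination MAC $2.
#   mode "early"  -> nat/PREROUTING, which runs before the bridging decision
#                    and so covers both the local and the forwarded case
#   mode "filter" -> the filter chain that matches this destination
build_drop_rule() {
    local in_if="$1" dst="$2" mode="${3:-early}"
    if [ "$mode" = "early" ]; then
        echo "ebtables -t nat -A PREROUTING -i $in_if -d $dst -j DROP"
    else
        echo "ebtables -t filter -A $(filter_chain_for "$dst") -i $in_if -d $dst -j DROP"
    fi
}

# Print the rule by default; install it only when APPLY=1 (requires root).
apply_rule() {
    local rule
    rule="$(build_drop_rule "$@")"
    if [ "${APPLY:-0}" = "1" ]; then $rule; else echo "$rule"; fi
}

apply_rule eth0 11:22:33:44:55:66 early
```

After applying, `ebtables -t nat -L PREROUTING --Lc` lists the rule with packet counters, which shows whether frames are hitting it.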