I have a bridge set up on a set of firewalls that I would like to do some custom filtering with. Here is the config:
eth0 -> WAN
eth1 -> heartbeat
eth2 -> DMZ
eth3 -> LAN
Most of the checks we do are from the DMZ to the LAN, but now we would like to filter out specific traffic between WAN and DMZ. We have some blanket global rules in place (only 80, 445, 25, etc.) in via the DMZ, but lately this isn't cutting it.
Looking into the log, netfilter is seeing the physical device in and out. I found some table about the ipt_physdev module. I loaded the module and tried filtering on the physical device and received some errors:

-A FORWARD -physin eth0 -j LOG --log-prefix "FW ETH0:"
iptables-restore v1.2.11: unknown protocol `-physin' specified
I have also tried using --physdev-in as per the man iptables listing.

How can I build a rule on this with netfilter using the basic rules?
This is a RHEL 4 environment and we would rather not patch these machines with pom items. It seems like I'm missing something simple.
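The physdev match syntax the post is looking for, as an added example that is not code from the original post: the match extension has to be selected with "-m physdev" on the rule before any --physdev-* option is given, which is why a bare "-physin" (or a "--physdev-in" with no preceding "-m physdev") is rejected. The script keeps the interface roles from the post (eth0 = WAN, eth2 = DMZ); everything else is an assumption: the TCP port is a placeholder, and IPTABLES and BRIDGE_NF_SYSCTL are overridable only so the functions can be dry-run on a host that has no bridge.

```shell
#!/bin/sh
# Added example, not code from the original post.  Shows the physdev match
# syntax that iptables 1.2.x / kernel 2.6 accept for bridged frames, and a
# check that catches the malformed rule quoted in the post.
# Interface roles follow the post (eth0 = WAN, eth2 = DMZ).  Assumptions:
# IPTABLES and BRIDGE_NF_SYSCTL are overridable so the functions can be
# dry-run on a host that has no bridge; the TCP port is a placeholder.
IPTABLES="${IPTABLES:-iptables}"
BRIDGE_NF_SYSCTL="${BRIDGE_NF_SYSCTL:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

# Emit one FORWARD rule matching on the bridge port(s) a frame crossed.
# "-m physdev" must appear before any --physdev-* option: iptables only
# knows --physdev-in once the match extension has been loaded on that rule.
#   $1 = incoming bridge port, $2 = outgoing bridge port ("" = any),
#   remaining args = the rest of the rule (match options and target)
physdev_rule() {
    in_port="$1"; out_port="$2"; shift 2
    rule="-A FORWARD -m physdev --physdev-in $in_port"
    if [ -n "$out_port" ]; then
        rule="$rule --physdev-out $out_port"
    fi
    printf '%s %s\n' "$rule" "$*"
}

# Reject a rule that uses physdev options without loading the match first.
# "-physin" is not an option at all, and "--physdev-in" that is not preceded
# by "-m physdev" is rejected by iptables as an unknown argument.
validate_rule() {
    case "$1" in
        *"-m physdev "*"--physdev-"*) return 0 ;;
        *"--physdev-"*|*"-physin"*|*"-physout"*) return 1 ;;
        *) return 0 ;;
    esac
}

# WAN -> DMZ rules: log, then drop, frames entering on eth0 and leaving on
# eth2 for one TCP service.  Port 23 is a placeholder for whatever the
# "specific traffic" turns out to be.
wan_to_dmz_rules() {
    physdev_rule eth0 eth2 -p tcp --dport 23 -j LOG --log-prefix '"FW ETH0:"'
    physdev_rule eth0 eth2 -p tcp --dport 23 -j DROP
}

# The same rules in iptables-restore form, for a ruleset file.
restore_fragment() {
    echo '*filter'
    wan_to_dmz_rules
    echo 'COMMIT'
}

# Load the rules with the iptables binary.  Bridged frames only traverse the
# iptables FORWARD chain when bridge-netfilter is switched on, so turn it on
# first where the sysctl exists.
apply_rules() {
    if [ -w "$BRIDGE_NF_SYSCTL" ]; then
        echo 1 > "$BRIDGE_NF_SYSCTL"
    fi
    wan_to_dmz_rules | while IFS= read -r rule; do
        validate_rule "$rule" || { echo "refusing malformed rule: $rule" >&2; exit 1; }
        # eval so the quoted --log-prefix survives as a single argument
        eval "$IPTABLES $rule"
    done
}
```

Run apply_rules as root to load the rules directly, or redirect restore_fragment into a file and feed it to iptables-restore; the quoted log prefix is accepted by both. --physdev-out only says something about frames that are actually being bridged, so use it for the DMZ port and leave it off for routed traffic.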