I think you would just need a specific IP tables rule to prevent the traffic.
It would not be easy for me to setup my test computer to verify an answer for you, but I think something like (I didn't even test the syntax):
Code:
sudo iptables -A FORWARD -i eth0 -o eth1 -j DROP
sudo iptables -A FORWARD -i eth1 -o eth0 -j DROP
But give us some more info to be able to help further, such as your current iptable rules set, so we know exactly where to put the rules and or if they need to be changed.
Edit: I managed to sort of test this on one of my test computers. I think what I said above will do what you want. Also know that the various computers on the two sub-nets would also have to know how to route the traffic. What I mean is that I had to add a route so as to direct the packets from test computer 1 towards test computer 2, which had the two NIC cards, to get to test computer 3 on the other sub-net. Example:
Code:
sudo route add -net 192.168.222.0 netmask 255.255.255.0 gw 192.168.111.112
Only then could I test blocking the packets.
Bookmarks