Hi All.

I'm playing with ebtables to make my network so that only one client can communicate to and from some hosts.

My config file:

ebtables.4.cmd=-F FORWARD
ebtables.4.status=enabled
ebtables.5.cmd=-P FORWARD ACCEPT
ebtables.5.status=enabled
ebtables.50.cmd=-N FIREWALL
ebtables.50.status=disabled
ebtables.51.cmd=-A INPUT -j FIREWALL
ebtables.51.status=disabled
ebtables.52.cmd=-A FORWARD -j FIREWALL
ebtables.52.status=disabled
ebtables.53.cmd=-D INPUT -j FIREWALL
ebtables.53.status=enabled
ebtables.54.cmd=-A FIREWALL -p IPv4 --ip-src 10.50.60.25 --ip-dst 10.50.60.12 --ip-proto icmp -j ACCEPT
ebtables.54.status=enabled
ebtables.55.cmd=-A FIREWALL -p IPv4 --ip-src 10.50.60.25 --ip-dst 10.50.60.12 --ip-proto tcp -j ACCEPT
ebtables.55.status=enabled
ebtables.56.cmd=-A FIREWALL -j DROP
ebtables.56.status=enabled
ebtables.status=enabled

After upload this config file i can ping 10.50.60.12.
After "power off" and "power on" or reboot i have no "ping" to 10.50.60.12
I'm connecting to PowerStation through ssh and make:
ebtables -D FIREWALL -j DROP
ebtables -A FIREWALL -j DROP
After that i can "ping" 10.50.60.12 until "reboot"

What wrong with my config?

PowerStation2
FW XS2.ar2316.v3.2.3-rc.4063.081124.1732

Hello Zus,

Asking my software guys.

Thanks,
Mike

Take a look to ebtables -L --Lc

You will see what rules are applied to the device.

Also to make IP work you have to allow ARP requests as well before DROP rule.
Kind of:
ebtables.X.status=enabled
ebtables.X.cmd=-A FIREWALL -p 0x0806 -j ACCEPT
Without ARP(0x0806) IP(0x0800) will not work.

After reboot all ARP cache is cleared so IP (ICMP ping as well) is not working.

Thanks, it works!!

Second problem:

PS2 in router mode with NAT. I can't pass through PPTP session.
Can you help my?

Thanks