
The system has multiple interfaces: eth0, eth1, eth2, ..., br0, br1, br2, etc.

The following rule will allow packets from "br0" to "br0":

iptables -A FORWARD -i br0 -o br0 -j ACCEPT

I don't want to allow "br0" to "non-br0", "br1" to "non-br1", etc. I want to match the "--out-interface" to the "--in-interface" without writing the actual interface name (br0, br1, ...) in the iptables rules.

iptables -A FORWARD -i <???> -o <???> -j ACCEPT

Here is the expected result:

iptables -A FORWARD -i br0 -o br0 -j ACCEPT
...
iptables -A FORWARD -i br1 -o br1 -j ACCEPT
...
iptables -A FORWARD -i br2 -o br2 -j ACCEPT
...
iptables -A FORWARD -i brn -o brn -j ACCEPT
...

How can I use one rule to get the same expected result without specifying the actual interface name "br0" in the <???>?

iptables -A FORWARD -i <???> -o <???> -j ACCEPT

1 Answer


I don't know if a particular rule exists in iptables for that, but it could be done with some bash scripting. The idea is to replace the interface names with variables.

Example:

#!/bin/bash
# Interfaces that may forward traffic to themselves.
tabIface=("eth0" "eth1" "br0" "br1" "br2" "br3")
# One rule per interface, using the same name for -i and -o.
for iface in "${tabIface[@]}"; do
    iptables -A FORWARD -i "$iface" -o "$iface" -j ACCEPT
    #echo "$iface"
done
  • Not what was asked.
    – David
    Commented 53 mins ago
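An added example, not from the question or the answer above, that takes the answer's loop one step further towards what the question asks: the interface names are discovered at run time and only those starting with a chosen prefix ("br") get a same-interface ACCEPT rule, so no interface name is ever typed into a rule. The sysfs path /sys/class/net, the prefix and the hand-off to iptables-restore are assumptions.

```bash
#!/usr/bin/env bash
# Added example: build "-i X -o X -j ACCEPT" FORWARD rules for every
# interface whose name starts with a prefix. Output is iptables-restore
# format; nothing is applied unless you pipe it into iptables-restore.
set -euo pipefail

# Read interface names from stdin, one per line, and print a rule for
# each name that starts with PREFIX. Names containing anything outside
# [A-Za-z0-9._-] are skipped: a listed interface name is input we did
# not write ourselves and must not end up inside a shell command.
gen_same_iface_rules() {
    local prefix=$1 iface
    while IFS= read -r iface; do
        [[ $iface == "$prefix"* ]] || continue
        [[ $iface =~ ^[A-Za-z0-9._-]+$ ]] || continue
        printf -- '-A FORWARD -i %s -o %s -j ACCEPT\n' "$iface" "$iface"
    done
}

# List the interfaces present on this host (assumed Linux sysfs layout).
list_ifaces() {
    local p
    shopt -s nullglob
    for p in /sys/class/net/*; do
        printf '%s\n' "${p##*/}"
    done
    shopt -u nullglob
}

# Wrap the rules in a filter-table fragment for iptables-restore.
# Apply with "iptables-restore -n" (noflush) to keep existing rules.
build_restore_fragment() {
    local prefix=$1
    printf '*filter\n'
    gen_same_iface_rules "$prefix"
    printf 'COMMIT\n'
}

# Stand-alone use: print the fragment for the given prefix (default "br").
# As root:  ./same-iface.sh br | iptables-restore -n
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    list_ifaces | build_restore_fragment "${1:-br}"
fi
```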
