Sat Jul 7 19:25:40 EDT 2012
Bridges and firewalls
It looks like bridged packets do come from the bridge and not the
individual interfaces as far as iptables is concerned. The LOG target
logs PHYSIN and PHYSOUT. How to match on those?
Jul 7 19:26:49 localhost kernel: [ 8226.234791] IN=br1 OUT=br1 PHYSIN=eth0.11 PHYSOUT=ubit SRC=192.168.7.46 DST=192.168.7.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19600 DF PROTO=TCP SPT=43315 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
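
The PHYSIN and PHYSOUT fields in that LOG line are the bridge ports, and iptables matches on them with the physdev match (--physdev-in, --physdev-out). The sketch below is an added example, not part of the original note: it pulls both fields out of a LOG line and prints the corresponding rule. The function names, the FORWARD chain and the default ACCEPT target are assumptions made for illustration, and the sample line is a shortened copy of the one above.

```shell
#!/bin/sh
# Constructed sample: the LOG line from the note, shortened to the relevant fields.
SAMPLE_LOG='IN=br1 OUT=br1 PHYSIN=eth0.11 PHYSOUT=ubit SRC=192.168.7.46 DST=192.168.7.77 PROTO=TCP SPT=43315 DPT=22'

# log_field LINE KEY: print the value of KEY=value in a LOG line (empty if absent).
# The leading space keeps IN= from matching inside PHYSIN=.
log_field() {
    printf ' %s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# physdev_rule LINE [TARGET]: print an iptables rule matching the bridge ports
# seen in LINE. Returns 1 if the packet was not bridged, 2 on a suspicious name.
# Assumption: the rule belongs in FORWARD, where bridged frames are filtered.
physdev_rule() {
    line=$1
    target=${2:-ACCEPT}
    in=$(log_field "$line" PHYSIN)
    out=$(log_field "$line" PHYSOUT)
    if [ -z "$in" ] && [ -z "$out" ]; then
        return 1    # no bridge ports logged, so nothing for physdev to match
    fi
    # Log content is untrusted input: refuse names that could alter the command.
    case "$in$out$target" in
        *[!A-Za-z0-9_.:-]*) return 2 ;;
    esac
    rule="iptables -A FORWARD -m physdev"
    if [ -n "$in" ]; then rule="$rule --physdev-in $in"; fi
    # --physdev-out only matches traffic that is bridged, as it is here (IN=OUT=br1).
    if [ -n "$out" ]; then rule="$rule --physdev-out $out"; fi
    printf '%s -j %s\n' "$rule" "$target"
}

# Print the rule for the sample line; review it before running it as root.
physdev_rule "$SAMPLE_LOG" ACCEPT
```

Plain -i and -o matches keep seeing br1 for this traffic, so per-port policy on a bridge has to go through physdev.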