Wed Mar 9 15:04:22 EST 2011

iptables and bridges

Looks like traffic between 2 interfaces in a bridge goes through the
FORWARD chain.

The good news is that you can bridge a bunch of VMs together on the
same bridge interface, keeping them in the same subnet for easy
management, and use a FORWARD rule to prevent them to see each other.