Hi everyone,

Attaching a diagram of my network setup. You'll notice there is a single subnet ( here.
My goal: blocking traffic from HOST A to HOST B.

There are many other hosts on the network; this is a simplified diagram. For other reasons, I can't subnet or VLAN; everything is on the same broadcast domain. The only thing that makes me think this should be possible is that Host A always has to send traffic through an RT68U interface and have that sent out to HOST B through another interface (both, I imagine, are part of a bridge). Would love to do it on layer 3, but if that's not possible on layer 3 (iptables?), maybe I can catch it and prevent the relay at layer 2 (ebtables)?

I tried multiple configurations for iptables and ebtables on the AC68U, but nothing seems to have any effect. My questions:

1. If ebtables or iptables are the way to go, what is the proper configuration line for this?
2. Is there another way to filter the traffic that goes through the bridge between interfaces?

Appreciate any insight!


