Why my iptables LOG rule doesn't get applied for local traffic?

New Around Here
I have the following rule to log traffic (for wake on LAN purposes)

iptables -I FORWARD -d 192.168.1.X -p tcp --dport 7000:8332 -m state --state NEW -j LOG --log-prefix "[2WAKE] XX:XX:XX:XX:XX:XX"

which does work for traffic from WAN that gets to my local network (through opened ports) but doesn't work for local only traffic.

Why is that? I've tried with `INPUT` chain as well but I've got the same results.

Is that because the traffic goes through internal switch and we cannot control this with `iptables`?


Part of the Furniture
All local traffic is bridged, not routed, and therefore the router's IP firewall doesn't get involved in local traffic. All local devices communicate directly with one another over ethernet via the switch. That's why if you didn't even have a router, but only a switch, all local devices could still communicate w/ each other.


New Around Here
That's what I thought. Any chance to see/touch/manipulate local traffic on Asus RT-AC routers?

