ebtables brouting of all tcp and udp traffic

ebtables brouting of all tcp and udp traffic

[Arnaud MARTIN]

I have created a bridge on my server and I would like to bridge only the protocols other than tcp and udp. For these protocols I have an application running on the box that is listening in promiscuous mode to catch these packets. 
The application is only interested in the packets not directly destined to the server itself.

I'm using the scrpt below to realize that:

MAC_OF_BR0=<MAC of my bridge>

ebtables -t broute --flush
ebtables -t broute -A BROUTING -d $MAC_OF_BR0 -p ipv4 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth1 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth1 -j DROP

So far the brouting seems to work but as soon as I run this script, I'm not able to ssh to the server anymore. Also my application running on the server, has to connect to other server in the same configuration but it is not able to do it anymore. This is the reason why I added the 2nd line in the script but it doesn't work.

To sum up I need to broute all udp and tcp traffic, except the traffic destined to the bridge IP/interface.
How can I do it ?

Re: ebtables brouting of all tcp and udp traffic

[Arnaud MARTIN]

I think I found the solution. I just needed to replace the 2nd rule by:

ebtables -t broute --flush
ebtables -t broute -A BROUTING -d $MAC_OF_BR0 -j ACCEPT
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth1 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth1 -j DROP

Like that the traffic directed to the server itself will be processed by the bridge "as normal" and not be brouted.