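I have set up a Raspberry Pi to control some local IoT devices, which initially need to be connected to the internet for setup, but I want to prevent them from "calling home" to cloud servers more often. I have used the Raspberry Pi to connect the smart devices to a hostapd-powered access point and bridged them to my eth0 interface using a bridge, br0, but now I am unable to restrict devices on the wireless network from communicating outside the local network.
The relevant part of my ifconfig output is as follows: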
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.18 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::ba27:ebff:fe8f:6637 prefixlen 64 scopeid 0x20<link>
inet6 2a0e:cb01:22:4200:ba27:ebff:fe8f:6637 prefixlen 64 scopeid 0x0<global>
inet6 fdaa:bbcc:ddee:0:ba27:ebff:fe8f:6637 prefixlen 64 scopeid 0x0<global>
ether b8:27:eb:8f:66:37 txqueuelen 1000 (Ethernet)
RX packets 1030237 bytes 662509131 (631.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 872280 bytes 115521631 (110.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.18 netmask 255.255.255.0 broadcast 192.168.1.255
ether b8:27:eb:8f:66:37 txqueuelen 1000 (Ethernet)
RX packets 1302889 bytes 707488434 (674.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 868337 bytes 119710458 (114.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 169.254.16.101 netmask 255.255.0.0 broadcast 169.254.255.255
ether b8:27:eb:da:33:62 txqueuelen 1000 (Ethernet)
RX packets 206395 bytes 24701387 (23.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 259922 bytes 56512014 (53.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I am currently trying to use ebtables - this is my current configuration:
Bridge table: filter
Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p IPv4 -i wlan0 --ip-dst ! 192.168.1.0/24 -j DROP
Bridge chain: FORWARD, entries: 3, policy: ACCEPT
-p IPv4 -i wlan0 -o wlan0 --ip-src 192.168.1.0/24 -j ACCEPT
-p IPv4 -i wlan0 -o wlan0 --ip-dst 192.168.1.0/24 -j ACCEPT
-i wlan0 -o wlan0 -j DROP
Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p IPv4 -o wlan0 --ip-src ! 192.168.1.0/24 -j DROP
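However, this set of rules definitely does not work - after connecting my phone to it to test, I can access everything as normal. I admit that I am struggling to work out how some of this works, so I may well have missed something important!
Thanks for the help :)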
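An added example, not part of the original post: a small Python model of how the listed INPUT and FORWARD chains evaluate a frame, showing that wlan0 traffic bridged out through eth0 matches no rule and falls through to the ACCEPT policy. It assumes the default gateway is a separate router reached via eth0 (`ROUTER_MAC`, the client addresses and the `ALT` ruleset are constructed for illustration), and it models IPv4 unicast and the forwarded copy of broadcasts only.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # subnet from the post
BRIDGE_MAC = "b8:27:eb:8f:66:37"              # br0 MAC from the ifconfig output
ROUTER_MAC = "02:00:00:00:00:01"              # constructed: assumed gateway on eth0

def rule(target, **match):
    """ebtables-style rule; omitted keys are wildcards, src_lan/dst_lan=False models '!'."""
    return {"target": target, **match}

def matches(r, f):
    for key in ("proto", "in_if", "out_if", "udp_dport"):
        if key in r and r[key] != f.get(key):
            return False
    for key, addr in (("src_lan", f["src"]), ("dst_lan", f["dst"])):
        if key in r and (ipaddress.ip_address(addr) in LAN) != r[key]:
            return False
    return True

def verdict(ruleset, f):
    """Frames to the bridge's own MAC traverse INPUT; bridged frames traverse FORWARD."""
    chain = "INPUT" if f["dst_mac"] == BRIDGE_MAC else "FORWARD"
    for r in ruleset[chain]:
        if matches(r, f):
            return r["target"]
    return "ACCEPT"  # chain policy shown in the post's listing

PAGE = {  # the INPUT and FORWARD chains as listed in the post
    "INPUT": [rule("DROP", proto="IPv4", in_if="wlan0", dst_lan=False)],
    "FORWARD": [
        rule("ACCEPT", proto="IPv4", in_if="wlan0", out_if="wlan0", src_lan=True),
        rule("ACCEPT", proto="IPv4", in_if="wlan0", out_if="wlan0", dst_lan=True),
        rule("DROP", in_if="wlan0", out_if="wlan0"),
    ],
}
ALT = {  # assumed alternative: match the ingress port only, allow DHCP first
    "INPUT": PAGE["INPUT"],
    "FORWARD": [
        rule("ACCEPT", proto="IPv4", in_if="wlan0", udp_dport=67),
        rule("DROP", proto="IPv4", in_if="wlan0", dst_lan=False),
    ],
}

def frame(dst_mac, src, dst, udp_dport=None):  # constructed frame, wlan0 -> eth0
    return dict(proto="IPv4", in_if="wlan0", out_if="eth0", dst_mac=dst_mac,
                src=src, dst=dst, udp_dport=udp_dport)
TO_CLOUD = frame(ROUTER_MAC, "192.168.1.50", "203.0.113.10")
TO_LAN = frame("02:00:00:00:00:02", "192.168.1.50", "192.168.1.20")
DHCP = frame("ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255", udp_dport=67)
```

Rules restricted to `-p IPv4` do not touch IPv6 frames, and the br0 interface in the post holds global IPv6 addresses, so IPv6 needs its own handling.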