# 在网桥上,tap1出去的包drop
iptables -A FORWARD -m physdev --physdev-out tap1 --physdev-is-bridged -j DROP
--physdev-is-bridged:匹配网桥流量
--physdev-out:网桥出接口
参考链接:https://www.cntofu.com/book/77/security_group/forward.md
# 在网桥上,tap1出去的包drop
iptables -A FORWARD -m physdev --physdev-out tap1 --physdev-is-bridged -j DROP
--physdev-is-bridged:匹配网桥流量
--physdev-out:网桥出接口
参考链接:https://www.cntofu.com/book/77/security_group/forward.md