I would like to isolate a group of servers inside a LAN without changing IP addresses or using VLANs.
All should be done by layer 2 filtering.
I would like to create a bridge of 5 interfaces.
The security model should be as follows:
1. All interfaces should have access to the servers on eth1.
2. None of the remaining 4 interfaces have access to the other 4.
When I write a firewall rule with the bridge as the input interface, I can catch the traffic.
But I would like to catch the traffic on the input interface that is a member of the bridge, and so far I have had no success.
Do you think it's possible?
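
One way to express the two rules above, as an added example that is not part of the original post. It assumes a Linux host with nftables, where rules in the `bridge` family match `iifname`/`oifname` against the bridge member port rather than the bridge itself. The bridge name `br0`, the table name and the helper `gen_isolation_ruleset` are hypothetical; `eth1` is the server port named in the post.

```shell
#!/bin/sh
# Added example (assumptions: Linux bridge, nftables installed).
# gen_isolation_ruleset BRIDGE SERVER_PORT
# Prints an nftables bridge-family ruleset that lets every member port
# exchange frames with SERVER_PORT and drops member-to-member frames.
gen_isolation_ruleset() {
    if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: gen_isolation_ruleset BRIDGE SERVER_PORT" >&2
        return 2
    fi
    bridge=$1
    server=$2
    # Refuse anything that is not a plain interface name, so the
    # arguments cannot smuggle extra statements into the ruleset.
    case "$bridge$server" in
        *[!A-Za-z0-9_.-]*)
            echo "invalid interface name" >&2
            return 2
            ;;
    esac
    cat <<EOF
table bridge port_isolation {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Frames on any other bridge of this host are left alone.
        meta ibrname != "$bridge" accept

        # Rule 1: every member port may reach the servers on $server.
        oifname "$server" accept
        # Replies, ARP and broadcasts from the servers reach every port.
        iifname "$server" accept

        # Rule 2: what remains is traffic between the other members.
        counter drop
    }
}
EOF
}

# Typical use (needs root, replaces nothing outside its own table):
#   gen_isolation_ruleset br0 eth1 | nft -f -
```

Flooded frames (ARP requests, broadcasts) pass the forward hook once per output port, so a broadcast from an isolated member is delivered to `eth1` only. The `counter` on the final rule shows with `nft list table bridge port_isolation` whether member-to-member frames are being dropped.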