# Drop frames between eth0 and eth1
ebtables -A FORWARD -o eth0 -i eth1 -j DROP
ebtables -A FORWARD -o eth1 -i eth0 -j DROP

# Imitiating port isolation with ebtables

## Create custom chain with policy to drop frames
ebtables -N ISOLATE -P DROP

## Match every to be forwarded frame to custom chain
ebtables -A FORWARD -j ISOLATE

## Add rules to custom chain which apply before policy

### Allow frames from isolated port to non isolated port
-o: isolated port
-i: non isolated port

### Allow frames from non isolated port to isolated port
-o: non isolated port
-i: isolated port

### Example:
isolated ports: sw0p0, sw0p1
non isolated ports: sw0p2, sw0p3, sw0p4

### Allow frames from isolated port to non isolated port
ebtables -A ISOLATE -o sw0p0 -i sw0p2 -j ACCEPT
ebtables -A ISOLATE -o sw0p0 -i sw0p3 -j ACCEPT
ebtables -A ISOLATE -o sw0p0 -i sw0p4 -j ACCEPT

ebtables -A ISOLATE -o sw0p1 -i sw0p2 -j ACCEPT
ebtables -A ISOLATE -o sw0p1 -i sw0p3 -j ACCEPT
ebtables -A ISOLATE -o sw0p1 -i sw0p4 -j ACCEPT

### Allow frames from non isolated port to isolated port
ebtables -A ISOLATE -o sw0p2 -i sw0p0 -j ACCEPT
ebtables -A ISOLATE -o sw0p2 -i sw0p1 -j ACCEPT

ebtables -A ISOLATE -o sw0p3 -i sw0p0 -j ACCEPT
ebtables -A ISOLATE -o sw0p3 -i sw0p1 -j ACCEPT

ebtables -A ISOLATE -o sw0p4 -i sw0p0 -j ACCEPT
ebtables -A ISOLATE -o sw0p4 -i sw0p1 -j ACCEPT

# Flush and delete custom chain
ebtables -F ISOLATE
ebtables -X ISOLATE