
I am using Xen virtualization with a bridged mode network. I noticed that there is a lot of spanning tree (as I understand it) traffic coming from the network, such as:

STP 802.1d, Config, Flags [none], bridge-id ......
STP 802.1s, Rapid STP, CIST Flags [Proposal, Learn, Forward, Agreement]

I do not want the VPS to receive these messages. Is it possible to filter them? I guess I need to do something like:

ebtables -A INPUT -d BGA  -j DROP

But that did not help. What am I doing wrong?

Radium
  • What kind of switch is your system connected to? A managed switch has the capability to put ports in an STP mode that quiets this down a bit. – SpacemanSpiff Sep 20 '13 at 15:00
  • I have no idea. And I have no control over the switch, as it's owned by a DC and they are not going to modify anything. – Radium Sep 20 '13 at 15:09

4 Answers


STP (Spanning Tree) is a protocol to prevent network loops. Blocking STP in the firewall is of no use. You could change your network so that the STP and your VM are on a different VLAN. I think that would be the proper solution for this.

Jeroen

Maybe something like this would help...

# FIREWALL is not a built-in chain: create it and hook it into FORWARD first (assumed placement)
ebtables -N FIREWALL
ebtables -A FORWARD -j FIREWALL
ebtables -I FIREWALL -i eth0 -d 01:00:0C:CC:CC:CC -j DROP   # Cisco CDP/VTP/DTP multicast
ebtables -I FIREWALL -i eth0 -d 01:00:0C:CC:CC:CD -j DROP   # Cisco PVST+ BPDUs
ebtables -I FIREWALL -i eth0 -d 01:80:C2:00:00:00 -j DROP   # IEEE STP/RSTP/MSTP BPDUs (the BGA address)
ebtables -I FIREWALL -i eth0 -d 01:80:C2:00:00:08 -j DROP   # provider bridge (802.1ad) BPDUs
ebtables -I FIREWALL -i eth0 -d 01:80:C2:00:00:01 -j DROP   # 802.3x MAC control (PAUSE) frames

On the host node, you need to match in the FORWARD chain instead of the INPUT chain:

ebtables -A FORWARD -d BGA -o vif+ -j DROP   # BPDUs headed out to any guest vif interface

and just to be sure the guests aren't spoofing STP out

ebtables -A FORWARD -d BGA -i vif+ -j DROP   # BPDUs coming in from any guest vif interface

Another option is to move to a routed instead of bridged network configuration.

Andrew Domaszek

I know this is a very old question, but one I needed to sort out myself today. After a LOT of trial and error, I found this command to work:

sudo ebtables -A FORWARD -p LENGTH --802_3-type 10b -j DROP   # 802.3 frames whose SNAP type is 0x010B: Cisco PVST+ BPDUs

To be sure you don't block anything you don't want to, please add -o {interface name}, such as:

sudo ebtables -A FORWARD -o l2tpeth0 -p LENGTH --802_3-type 10b -j DROP   # only for frames leaving via l2tpeth0

We're using Cisco equipment, I don't know if the same applies to other vendors.

OnkelJ
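The two matches used in this thread, Andrew Domaszek's `-d BGA` and OnkelJ's `-p LENGTH --802_3-type 10b`, catch different frames, which is why a Cisco environment may need both. The following Python script is an added illustration, not code from any answer above: it builds constructed (not captured) frames for an 802.1D config BPDU, RSTP and MSTP BPDUs, a Cisco PVST+ BPDU and an ordinary IPv4 frame, and emulates the two ebtables matches against them. The emulation is a simplified reading of the kernel's ebt_802_3 match (SNAP DSAP/SSAP 0xAA, then the two-byte type after the OUI) and the tcpdump-style labels are approximations; both are assumptions made here, not something the thread states.

```python
"""Emulate which frames the ebtables rules from this thread would drop (added example)."""
import struct

# Destination addresses used by the rules in this thread
BGA = bytes.fromhex("0180c2000000")        # ebtables' "BGA" alias: 802.1D bridge group address
PVST_PLUS = bytes.fromhex("01000ccccccd")  # Cisco PVST+ BPDU destination
SRC = bytes.fromhex("001122334455")        # constructed source MAC, not a real device


def _bpdu_body(version, bpdu_type):
    """Constructed BPDU body: protocol id 0, version, type, zero padding (not a capture)."""
    return struct.pack("!HBB", 0, version, bpdu_type) + b"\x00" * 35


def frame_802_3(dst, llc_and_payload):
    """802.3 framing: dst, src, then a length field (< 0x0600) where Ethernet II has an ethertype."""
    return dst + SRC + struct.pack("!H", len(llc_and_payload)) + llc_and_payload


def ieee_bpdu(version, bpdu_type):
    """IEEE 802.1D/w/s BPDU: LLC DSAP = SSAP = 0x42, UI control 0x03, sent to 01:80:C2:00:00:00."""
    return frame_802_3(BGA, bytes([0x42, 0x42, 0x03]) + _bpdu_body(version, bpdu_type))


def pvst_bpdu(version, bpdu_type):
    """Cisco PVST+ BPDU: SNAP (AA AA 03), OUI 00:00:0C, protocol id 0x010B, sent to
    01:00:0C:CC:CC:CD, so '-d BGA' never sees it."""
    snap = bytes([0xAA, 0xAA, 0x03]) + bytes.fromhex("00000c") + struct.pack("!H", 0x010B)
    return frame_802_3(PVST_PLUS, snap + _bpdu_body(version, bpdu_type))


def ipv4_frame():
    """Ordinary Ethernet II frame (ethertype 0x0800); neither rule may touch it."""
    return bytes.fromhex("525400aabbcc") + SRC + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19


def match_dst_bga(frame):
    """'-d BGA': destination MAC is the bridge group address."""
    return frame[0:6] == BGA


def match_802_3_type(frame, snap_type):
    """'-p LENGTH --802_3-type <hex>': 802.3 length field, SNAP LLC (DSAP = SSAP = 0xAA) and
    the two-byte SNAP type after the OUI equals snap_type (simplified ebt_802_3 semantics)."""
    if struct.unpack("!H", frame[12:14])[0] >= 0x0600:
        return False                     # Ethernet II ethertype: '-p LENGTH' does not match
    if frame[14] != 0xAA or frame[15] != 0xAA:
        return False                     # plain LLC (0x42/0x42 for IEEE BPDUs): no SNAP type
    return struct.unpack("!H", frame[20:22])[0] == snap_type


def classify(frame):
    """Label the frame roughly the way tcpdump's STP decoder would (approximate labels)."""
    if frame[14:16] == b"\x42\x42" and match_dst_bga(frame):
        version, bpdu_type = frame[19], frame[20]
        name = {0: "STP 802.1d", 2: "STP 802.1w, Rapid STP",
                3: "STP 802.1s, Rapid STP"}.get(version, "STP version %d" % version)
        kind = {0x00: "Config", 0x80: "TCN", 0x02: "RST/MST"}.get(bpdu_type, "type 0x%02x" % bpdu_type)
        return "%s, %s" % (name, kind)
    if frame[0:6] == PVST_PLUS and match_802_3_type(frame, 0x010B):
        return "Cisco PVST+ BPDU"
    return "not a BPDU"


def rule_hits(frame):
    """Which of the thread's two matches fire; a DROP rule on either discards the frame."""
    return {"-d BGA": match_dst_bga(frame),
            "-p LENGTH --802_3-type 10b": match_802_3_type(frame, 0x010B)}


def dropped(frame):
    return any(rule_hits(frame).values())


if __name__ == "__main__":
    for f in (ieee_bpdu(0, 0x00), ieee_bpdu(2, 0x02), ieee_bpdu(3, 0x02),
              pvst_bpdu(0, 0x00), ipv4_frame()):
        print("%-34s %s dropped=%s" % (classify(f), rule_hits(f), dropped(f)))
```

The IEEE BPDUs are caught only by `-d BGA`, the PVST+ BPDU only by the SNAP-type rule, and the IPv4 frame by neither. On a Xen host, after adding the FORWARD rules, `ebtables -L FORWARD --Lc` lists per-rule packet counters, so you can confirm which rule is actually discarding the frames you see in tcpdump.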