How to block all traffic between two interfaces?

iptables -A FORWARD -i eth0 -o eth1 -j DROP should do what you’re requesting.


You should be able to control this at the kernel level with sysctl. Setting the net.ipv4 and/or net.ipv6 forwarding values off.

net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 0

Depending on the distribution you can configure this at startup by editing /etc/sysctl.conf or adding a file in /etc/sysctl.d. Normally forwarding is disabled by default, so you may have a line enabling forwarding.

Some firewall builders will enable or disable forwarding depending on the configuration.