How to block all traffic between two interfaces?
iptables -A FORWARD -i eth0 -o eth1 -j DROP
should do what you’re requesting.
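A single rule only affects one direction of forwarding (eth0 into eth1), so traffic that enters on eth1 and leaves on eth0 still gets through. The following is an added example, not code from the answer above, that emits and checks rules for both directions; the interface names eth0 and eth1 are assumptions taken from the question.

```shell
#!/bin/sh
# Added example (not part of the original answer). Blocks forwarded traffic
# between two interfaces in BOTH directions. Interface names are assumptions.
set -eu

# Print the iptables commands that drop forwarded traffic both ways.
# -I ... 1 inserts at the top of FORWARD, so an ACCEPT rule that already
# sits earlier in the chain cannot match first and let the traffic through.
block_rules() {
    a=$1
    b=$2
    printf 'iptables -I FORWARD 1 -i %s -o %s -j DROP\n' "$a" "$b"
    printf 'iptables -I FORWARD 1 -i %s -o %s -j DROP\n' "$b" "$a"
}

# Apply the rules, skipping any that already exist (-C tests for a match
# without changing the chain). Needs root and a working iptables binary.
apply_block() {
    a=$1
    b=$2
    iptables -C FORWARD -i "$a" -o "$b" -j DROP 2>/dev/null ||
        iptables -I FORWARD 1 -i "$a" -o "$b" -j DROP
    iptables -C FORWARD -i "$b" -o "$a" -j DROP 2>/dev/null ||
        iptables -I FORWARD 1 -i "$b" -o "$a" -j DROP
}

# Count DROP rules for the pair in `iptables -S FORWARD` output read on
# stdin. Prints 2 when both directions are blocked, 1 or 0 otherwise.
# Usage: iptables -S FORWARD | count_block_rules eth0 eth1
count_block_rules() {
    a=$1
    b=$2
    grep -c -E -e "^-A FORWARD -i ($a -o $b|$b -o $a) -j DROP\$" || true
}

# Constructed sample of `iptables -S FORWARD` output (not captured from a
# real host) showing the one-directional rule from the answer above.
sample_forward_chain() {
    printf '%s\n' \
        '-P FORWARD ACCEPT' \
        '-A FORWARD -i eth0 -o eth1 -j DROP'
}

# Demo: the sample chain only blocks one direction, so the count is 1.
sample_forward_chain | count_block_rules eth0 eth1
block_rules eth0 eth1
```

Run `block_rules eth0 eth1 | sh` as root to apply (or call `apply_block`), then `iptables -S FORWARD | count_block_rules eth0 eth1` should print 2. Note that the rule also has to come before any rule such as `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT`, otherwise replies of existing connections keep flowing until they time out.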
You should be able to control this at the kernel level with sysctl, by setting the net.ipv4 and/or net.ipv6 forwarding values off.
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
Depending on the distribution you can configure this at startup by editing /etc/sysctl.conf or adding a file in /etc/sysctl.d. Normally forwarding is disabled by default, so you may have a line enabling forwarding.
Some firewall builders will enable or disable forwarding depending on the configuration.
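Turning forwarding off with sysctl is a different tool from the iptables rule: net.ipv4.conf.all.forwarding = 0 stops this host from routing between any pair of interfaces, not just eth0 and eth1, and the answer above only lists the IPv4 keys. The following is an added example, not code from the answer, that writes the drop-in for both address families and audits a sysctl listing for interfaces that still forward; the interface names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original answer). Interface names are assumptions.
set -eu

# Content for a drop-in such as /etc/sysctl.d/99-no-forwarding.conf.
# The "all" keys turn forwarding off on every interface; "default" covers
# interfaces created later (VPN tunnels, containers, hotplugged NICs).
forwarding_off_conf() {
    printf '%s\n' \
        'net.ipv4.conf.all.forwarding = 0' \
        'net.ipv4.conf.default.forwarding = 0' \
        'net.ipv6.conf.all.forwarding = 0' \
        'net.ipv6.conf.default.forwarding = 0'
}

# Read `sysctl -a` style "key = value" lines on stdin and print the names
# of interfaces whose IPv4 or IPv6 forwarding is still on (sorted, unique).
# Usage: sysctl -a 2>/dev/null | interfaces_still_forwarding
interfaces_still_forwarding() {
    sed -n 's/^net\.ipv[46]\.conf\.\([^.]*\)\.forwarding *= *1$/\1/p' | sort -u
}

# Find lines in sysctl.conf / sysctl.d files that switch forwarding back on,
# which is what the answer above warns about. Prints file:line:text.
# Usage: find_enable_lines /etc/sysctl.conf /etc/sysctl.d/*.conf
find_enable_lines() {
    grep -n -E '^[[:space:]]*net\.(ipv4\.ip_forward|ipv[46]\.conf\.[^.]+\.forwarding)[[:space:]]*=[[:space:]]*1' "$@" || true
}

# Constructed sample of `sysctl -a` output (not from a real host): the
# global switch is off, but eth0 was re-enabled per interface.
sample_sysctl() {
    printf '%s\n' \
        'net.ipv4.conf.all.forwarding = 0' \
        'net.ipv4.conf.default.forwarding = 0' \
        'net.ipv4.conf.eth0.forwarding = 1' \
        'net.ipv4.conf.eth1.forwarding = 0' \
        'net.ipv4.conf.lo.forwarding = 0' \
        'net.ipv6.conf.all.forwarding = 0' \
        'net.ipv6.conf.eth0.forwarding = 1' \
        'net.ipv6.conf.eth1.forwarding = 0'
}

# Demo: prints "eth0", the only interface still forwarding in the sample.
sample_sysctl | interfaces_still_forwarding
```

To install the drop-in: `forwarding_off_conf > /etc/sysctl.d/99-no-forwarding.conf && sysctl --system`, then re-run the audit against the live `sysctl -a` output and check the existing config files with `find_enable_lines`, since a later file in /etc/sysctl.d or a firewall builder's own script can set forwarding back to 1 after your drop-in is applied.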