I have a router with 4 interfaces
two Ethernet and two wireless i.e eth1 eth2 wireless 1 wireless 2 .
wireless 1 connected to a bridge. so wireless 1 is my public interface and remaining 3 private interfaces.

in router i m trying add prerouting drop rule

iptables -t nat -A PREROUTING -d !169.254.130.132 -j DROP

i m getting error nat is not intended for filtering.

My aim is block private access from public interface.

so i have tried input output forward rules.

i have added input rule but it blocks my router access from private interface .
i have added forward rule but it blocks my bridge access from private network.

i want a rule like this

this will break the access, rule should be something like "for packets received on wireless/WAN interface from Outside if destination IP Address is not matching with WAN IP address, then drop the packets"

how to do this without breaking any access.


please reply As soon as possible,plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

Thanks in advance.

Why would it receive any packets that don't match its address?