Is it possible to enable port isolation on Linux bridges?

http://serverfault.com – On most managed switches you can enable Layer 2 Port Isolation. The implementation and terminology are different from vendor to vendor, but generally speaking you keep one or more ports in the default Promiscuous (Cisco) or Uplink (HP) state and configure other ports as Isolated (Cisco) or Private (HP). Afterwards, isolated ports can only talk to promiscuous ones but not to each other. Is there any way to implement this with Linux bridges to, e.g., isolate VMs from each other? Maybe via ebtables? (HowTos)