The problem seems to be that iptables filters only packets that are
to IP layer and over..so any packet intended for a protocol living on a
layer lower than IP is not recognized (e.g. batman frame).
I'd say you are right here.
Ebtables instead works only on eth bridges...I tried it because I
that bat0 was acting like a bridge indeed but this is not the case...The
only solution I thought could be this: create a bridge-if br0, attach wlan0
to it and then attach br0 to bat0 and then you could let ebtables work
between wlan0 and br0....maybe it could work...
But attaching a wlan-if to a eth-bridge-if is not actually possible.
At the WCW we sat together to discuss the issue. The easiest thing to test
would be this: You create a bridge "br0" and add the wifi interface batman
usually runs on (e.g. wlan0). Then you configure batman-adv to run on the
bridge instead on wlan0 directly (batctl if add br0). Since the packets travel
through the bridge interface first, it might be possible to drop them there.
Be sure to create an individual bridge interface for each wifi interface you
want to run batman-adv on. The purpose of the bridge interface is to allow
packet filtering, not to bridge interfaces.
Please let us know how it goes. :-)