I have a local-facing interface on my firewall which has multiple IP addresses (192.168.0.1 and 192.168.0.5) assigned to it. Packets from both of these IPs are forwarded to the WAN interface. However, I want to apply different filtering rules depending on which local IP the packet was received on. (The idea is to use 192.168.0.5 as the gateway for a restricted-access wireless access point, whilst 192.168.0.1 is used as the gateway for all other traffic.) I tried doing this using interface aliases, but these don't come through to iptables and are seemingly deprecated anyway. How would you do this?
(I can do this type of filtering fine in the INPUT chain, just using the destination IP address, but how would I do it in the FORWARD chain?)