I'm updating a RH ipchains packet filter script from the dim past to iptables on Debian stable.

I noticed that when I specified the network the host is on (by IP/mask), the iptables listing called it "localnet." So I tried using localnet in the rule, and iptables seems to take it, and the chain seems to work. But I can't find any documentation about that keyword in man, in Rusty's HTML dox, or with Google (lots of talk about it, but no dox).

Is localnet a legit iptables network specification or an undocumented feature? What does it actually do (should I hang a CIDR mask on the end, or would that be redundant)? If the host responds to several IPs, does localnet cover them all? Or just eth0? How about eth0:1?

It would be very handy because this script is to set filtering on all my DMZ and LAN hosts (by switching on their hostnames and IPs). I know I could just try it and see if it works, but this is to be the packet filter on the DMZ, and I'd like to do it as rigorously as I can.

TIA...

--
Glenn English
[EMAIL PROTECTED]
GPG ID: D0D7FF20