Larry Price wrote:

> I'm working with some networking stuff (on debian for those playing along
> at home)
>
> and I notice that the syntax in /etc/network/interfaces for adding virtual
> interfaces is eth{n}:{n} where n is a digit
>
> but for iptables rules : is an illegal character (the rule gets ignored)
>
> this type of inconsistency strikes me as the most annoying trait of unix,
> in that it would be perfectly reasonable to treat the virtual interfaces
> as used by if{up|down} as separate for filtering purposes.
>
> there's probably a perfectly reasonable explanation why and if I read the
> man page (or the code) for long enough I would know it, but I want it to
> work now (except it doesn't)

When a packet arrives at a (real) interface, the iptrace software doesn't
know which virtual interface the packet was destined for. Indeed, some
malicious packets aren't intended for any of the virtual interfaces.
Others would match more than one.

Tell us what problem you're trying to solve, and I'll (try to) tell you
why virtual interfaces aren't part of the solution.

--
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]

_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
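
An added illustration, not part of the original thread, of the point made in the reply: a packet is seen on the real device, and only its destination address can tie it to an alias label, which yields zero, one or several candidates. The addresses are constructed documentation-range samples, `candidate_aliases` and `rule_for` are hypothetical helper names, and expressing a per-alias filter as `-i <real device> -d <address>` is an assumption of this example.

```python
import ipaddress

# Constructed sample: one physical NIC carrying two alias labels,
# in the eth{n}:{n} style used by /etc/network/interfaces.
ALIASES = {
    "eth0":   "192.0.2.10/24",
    "eth0:0": "192.0.2.11/24",
    "eth0:1": "198.51.100.5/24",
}

def candidate_aliases(dst, aliases=ALIASES):
    """Return every alias label a packet with destination `dst` could belong to."""
    dst = ipaddress.ip_address(dst)
    # Limited broadcast and multicast are not addressed to any single label.
    if dst == ipaddress.ip_address("255.255.255.255") or dst.is_multicast:
        return list(aliases)
    hits = []
    for name, cidr in aliases.items():
        iface = ipaddress.ip_interface(cidr)
        # Unicast to the label's own address, or that subnet's broadcast.
        if dst == iface.ip or dst == iface.network.broadcast_address:
            hits.append(name)
    return hits

def rule_for(alias, aliases=ALIASES):
    """Build an iptables rule that filters 'per alias' by matching the real
    device plus the alias's address, since -i cannot name eth0:0."""
    real_dev = alias.split(":")[0]
    addr = ipaddress.ip_interface(aliases[alias]).ip
    return f"iptables -A INPUT -i {real_dev} -d {addr} -j ACCEPT"

if __name__ == "__main__":
    for dst in ("192.0.2.11", "192.0.2.255", "203.0.113.9", "255.255.255.255"):
        print(f"{dst:>16} -> {candidate_aliases(dst) or 'no alias'}")
    print(rule_for("eth0:0"))
```
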