Larry Price wrote:

> I'm working with some networking stuff (on Debian for those playing along
> at home)
> 
> and I notice that the syntax in /etc/network/interfaces for adding virtual
> interfaces is eth{n}:{n} where n is a digit
> 
> but for iptables rules : is an illegal character (the rule gets ignored)
> 
> this type of inconsistency strikes me as the most annoying trait of unix,
> in that it would be perfectly reasonable to treat the virtual interfaces
> as used by if{up|down} as separate for filtering purposes.
> 
> there's probably a perfectly reasonable explanation why and if I read the
> man page (or the code) for long enough I would know it, but I want it to
> work now (except it doesn't)

When a packet arrives at a (real) interface, the iptrace software
doesn't know which virtual interface the packet was destined for.
Indeed, some malicious packets aren't intended for any of the virtual
interfaces.  Others would match more than one.

Tell us what problem you're trying to solve, and I'll (try to)
tell you why virtual interfaces aren't part of the solution.

-- 
Bob Miller                              K<bob>
kbobsoft software consulting
http://kbobsoft.com                     [EMAIL PROTECTED]
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
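
An added example, not part of either post: one way to express a per-alias filter, assuming the intent is to match inbound traffic addressed to the alias's IP. It reads stanzas in the /etc/network/interfaces syntax and returns iptables match arguments built from the real device plus `-d`; `parse_interfaces`, `match_args` and the sample addresses are constructed for illustration.

```python
import re

# Constructed sample in /etc/network/interfaces syntax (documentation addresses).
SAMPLE = """\
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0

# alias ("virtual") interface on the same device
auto eth0:1
iface eth0:1 inet static
    address 192.0.2.11
    netmask 255.255.255.0
"""

ALIAS = re.compile(r"^([A-Za-z]+\d+):\d+$")   # the eth{n}:{n} form
STANZA_END = ("auto", "allow-", "mapping", "source")

def parse_interfaces(text):
    """Map each 'iface' stanza name to its 'address' option."""
    addrs, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue                      # blank line or whole-line comment
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
        elif words[0].startswith(STANZA_END):
            current = None                # a new stanza type closes the iface
        elif words[0] == "address" and current and len(words) > 1:
            addrs[current] = words[1].split("/")[0]
    return addrs

def match_args(name, addrs):
    """iptables match arguments to use where '-i <name>' was intended."""
    m = ALIAS.match(name)
    if m is None:
        return ["-i", name]               # real device: usable as-is
    if name not in addrs:
        raise ValueError(f"no address configured for alias {name}")
    # Alias: match the real device plus the alias's destination address.
    return ["-i", m.group(1), "-d", addrs[name]]

if __name__ == "__main__":
    table = parse_interfaces(SAMPLE)
    for ifname in ("eth0", "eth0:1"):
        print(ifname, "->", " ".join(match_args(ifname, table)))
```

A packet that arrives on eth0 for an address no alias holds matches none of the `-d` rules, which is the case the reply describes.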