Don't use interfaces in your firewall script.  Problem solved.

The only one I use is lo.  I also verify IPs are on the right interface.
Other than that all of the rest of my rules are IP based.  I have lots of
interfaces, virtual and not, on my firewall: eth0, eth1, ipsec0, eth1:0-6.  IP
based rules with only a few interface rules work very well.

Cory

On Fri, Jan 31, 2003 at 07:43:29AM -0800, Bob Miller wrote:
> Larry Price wrote:
> 
> > I'm working with some networking stuff (on Debian for those playing along
> > at home)
> > 
> > and I notice that the syntax in /etc/network/interfaces for adding virtual
> > interfaces is eth{n}:{n} where n is a digit
> > 
> > but for iptables rules : is an illegal character (the rule gets ignored)
> > 
> > This type of inconsistency strikes me as the most annoying trait of Unix,
> > in that it would be perfectly reasonable to treat the virtual interfaces
> > as used by if{up|down} as separate for filtering purposes.
> > 
> > There's probably a perfectly reasonable explanation why, and if I read the
> > man page (or the code) for long enough I would know it, but I want it to
> > work now (except it doesn't)
> 
> When a packet arrives at a (real) interface, the iptrace software
> doesn't know which virtual interface the packet was destined for.
> Indeed, some malicious packets aren't intended for any of the virtual
> interfaces.  Others would match more than one.
> 
> Tell us what problem you're trying to solve, and I'll (try to)
> tell you why virtual interfaces aren't part of the solution.
> 
> -- 
> Bob Miller                              K<bob>
> kbobsoft software consulting
> http://kbobsoft.com                     [EMAIL PROTECTED]
> _______________________________________________
> Eug-LUG mailing list
> [EMAIL PROTECTED]
> http://mailman.efn.org/cgi-bin/listinfo/eug-lug
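The approach Cory describes (one interface rule for lo, anti-spoofing checks that verify an address arrives on the interface it belongs to, and address-based rules for everything else, including the eth1:0-style aliases) as an added example script, not code from the thread. The interface names, the 192.0.2.0/24 and 198.51.100.0/24 addresses and the services are constructed for illustration; the `DRY_RUN` switch and the `check_no_alias_interfaces` helper are this example's own additions.

```shell
#!/bin/sh
# Added example: an IP-based iptables ruleset in the style Cory describes.
# Topology, addresses and services are constructed (documentation prefixes),
# not taken from the thread.
#
# DRY_RUN=1 (the default) prints the iptables commands instead of running
# them, so the ruleset can be reviewed; apply it as root with DRY_RUN=0.
DRY_RUN=${DRY_RUN:-1}

# Constructed topology: eth0 faces the outside, eth1 the LAN. The alias
# addresses configured as eth1:0 .. eth1:2 are plain addresses as far as
# netfilter is concerned, so they are matched with -d, never with -i/-o.
EXT_IF=eth0
INT_IF=eth1
EXT_ADDR=198.51.100.7
LAN_NET=192.0.2.0/24
LAN_GW=192.0.2.1                                 # primary address on eth1
ALIAS_ADDRS="192.0.2.10 192.0.2.11 192.0.2.12"   # eth1:0, eth1:1, eth1:2
WEB_ALIAS=192.0.2.10                             # service bound to one alias

# Wrapper: echo the command in dry-run mode, otherwise run iptables.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

firewall_rules() {
    ipt -F INPUT
    ipt -P INPUT DROP

    # The only interface-based rule: loopback is trusted.
    ipt -A INPUT -i lo -j ACCEPT

    # Verify that addresses arrive on the interface they belong to
    # (anti-spoofing): LAN sources must not appear on the external side,
    # only LAN sources may appear on the LAN side, and nothing may claim a
    # loopback source on a real interface.
    ipt -A INPUT -i "$EXT_IF" -s "$LAN_NET" -j DROP
    ipt -A INPUT -i "$INT_IF" ! -s "$LAN_NET" -j DROP
    ipt -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP

    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Everything else is decided per address, not per (virtual) interface.
    ipt -A INPUT -s "$LAN_NET" -d "$LAN_GW" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -d "$WEB_ALIAS" -p tcp --dport 80 -j ACCEPT
    for a in $ALIAS_ADDRS; do
        ipt -A INPUT -s "$LAN_NET" -d "$a" -p icmp --icmp-type echo-request -j ACCEPT
    done
    ipt -A INPUT -d "$EXT_ADDR" -p tcp --dport 443 -j ACCEPT
}

# Review helper: no rule may name an alias such as eth1:0 as an interface,
# since that is exactly the rule the thread reports never taking effect.
# Returns 0 when the generated ruleset is clean.
check_no_alias_interfaces() {
    ! DRY_RUN=1 firewall_rules | grep -Eq -- '-[io] +[A-Za-z0-9]+:[0-9]'
}

firewall_rules
```

Run it as-is to see the generated rules, then `DRY_RUN=0 sh firewall.sh` as root to apply them. The anti-spoofing rules are the only place the physical interface matters; once a packet has passed them, every later decision keys on source and destination address, which is why the aliases need no interface rules at all.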