Don't use interfaces in your firewall script. Problem solved. The only one I use is lo. I also verify IPs are on the right interface. Other than that, all of the rest of my rules are IP-based. I have lots of interfaces, virtual and not, on my firewall: eth0, eth1, ipsec0, eth1:0-6. IP-based rules with only a few interface rules work very well.

Cory

On Fri, Jan 31, 2003 at 07:43:29AM -0800, Bob Miller wrote:
> Larry Price wrote:
>
> > I'm working with some networking stuff (on Debian for those playing along
> > at home)
> >
> > and I notice that the syntax in /etc/network/interfaces for adding virtual
> > interfaces is eth{n}:{n} where n is a digit
> >
> > but for iptables rules : is an illegal character (the rule gets ignored)
> >
> > this type of inconsistency strikes me as the most annoying trait of unix,
> > in that it would be perfectly reasonable to treat the virtual interfaces
> > as used by if{up|down} as separate for filtering purposes.
> >
> > there's probably a perfectly reasonable explanation why and if I read the
> > man page (or the code) for long enough I would know it, but I want it to
> > work now (except it doesn't)
>
> When a packet arrives at a (real) interface, the iptrace software
> doesn't know which virtual interface the packet was destined for.
> Indeed, some malicious packets aren't intended for any of the virtual
> interfaces. Others would match more than one.
>
> Tell us what problem you're trying to solve, and I'll (try to)
> tell you why virtual interfaces aren't part of the solution.
>
> --
> Bob Miller K<bob>
> kbobsoft software consulting
> http://kbobsoft.com [EMAIL PROTECTED]
> _______________________________________________
> Eug-LUG mailing list
> [EMAIL PROTECTED]
> http://mailman.efn.org/cgi-bin/listinfo/eug-lug
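
The IP-based approach from this thread, as an added example that is not code from any of the posters: a script that turns a table of virtual interfaces into iptables rules matching the real device plus the destination address, so no `eth1:0` name ever reaches `-i`. The table, the addresses (documentation-range placeholders), the ports and the function name `emit_rules` are assumptions, and the "wrong device" drop rule is one reading of "verify IPs are on the right interface".

```shell
#!/bin/sh
# Added example: prints iptables commands for review, does not execute them.
# Constructed sample table: alias name, address bound to it, protocol, port.
ALIAS_TABLE='eth1:0 192.0.2.10 tcp 80
eth1:1 192.0.2.11 tcp 25
eth1:2 192.0.2.12 udp 53'

# emit_rules: read "alias addr proto port" lines on stdin, write rules on stdout.
emit_rules() {
    # Loopback is the one interface-only rule; accept it before the checks
    # below so local traffic to the alias addresses is not dropped.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    while read -r alias addr proto port; do
        [ -n "$alias" ] || continue             # skip blank lines
        case "$alias" in \#*) continue ;; esac  # skip comment lines
        # A packet arrives on the real device, never on "eth1:0", so strip
        # the ":n" suffix and keep only the device name for -i.
        dev=${alias%%:*}
        # The alias address showing up on any other device is dropped.
        echo "iptables -A INPUT ! -i $dev -d $addr -j DROP"
        # The service is selected by destination address, not by alias name.
        echo "iptables -A INPUT -i $dev -d $addr -p $proto --dport $port -j ACCEPT"
    done
}

printf '%s\n' "$ALIAS_TABLE" | emit_rules
```

Pipe the output through a review step before applying it; rule order matters, since the loopback accept must precede the per-address drops.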