On Fri, 31 Jan 2003, Bob Miller wrote:

> You can do all that based on IP address, not interface.
> For example...
>
>     # HTTP is the only TCP traffic we accept at 10.0.0.3.
>     iptables -A INPUT \
>         --in-interface eth0 \
>         --protocol tcp \
>         --destination 10.0.0.3 \
>         --destination-port ! 80 \
>         --jump DROP

I'm going to try that. There does seem to be some additional problem in that the second address isn't responding to ping except from localhost (and I did drop in rules to make it accept/reply to ICMP while I'm trying to make it function).

>
> iptables is a very low-level way to filter traffic. We need something
> higher-level.
>
> --
> Bob Miller K<bob>
> kbobsoft software consulting
> http://kbobsoft.com [EMAIL PROTECTED]
> _______________________________________________
> Eug-LUG mailing list
> [EMAIL PROTECTED]
> http://mailman.efn.org/cgi-bin/listinfo/eug-lug
>

--
http://www.efn.org/~laprice       ( Community, Cooperation, Consensus
http://www.opn.org                ( Openness to serendipity, make mistakes
http://www.efn.org/~laprice/poems ( but learn from them.(carpe fructus ludi)
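
Added example, not part of either poster's message: the per-address filtering discussed above, generalized to several addresses on one interface. A single negated port match cannot express "ports 22 and 443 only", so this emits ACCEPT rules first and one TCP DROP last per address; the function name `addr_rules`, the address 10.0.0.4 and its ports are constructed for illustration.

```sh
#!/bin/sh
# Added example: print (not apply) per-address INPUT rules for review.
# Interface name, addresses and ports are sample values.

# addr_rules IFACE ADDR PORT...
# Emits iptables commands that accept the listed TCP ports and ICMP echo
# requests addressed to ADDR, then drop all remaining TCP to ADDR.
# Order matters: iptables stops at the first matching rule, so the
# ACCEPT lines must be appended before the final DROP.
addr_rules() {
    iface=$1
    addr=$2
    shift 2

    # Validate every port before printing anything, so a typo never
    # yields a half-written rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2
            return 1
        fi
    done

    for port in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp -d $addr --dport $port -j ACCEPT"
    done
    # The TCP DROP below never matches ICMP; this line only matters when
    # the chain policy or a later rule would otherwise drop pings.
    echo "iptables -A INPUT -i $iface -p icmp --icmp-type echo-request -d $addr -j ACCEPT"
    echo "iptables -A INPUT -i $iface -p tcp -d $addr -j DROP"
}

# HTTP only at 10.0.0.3 (the case from the thread).
addr_rules eth0 10.0.0.3 80
# A second address on the same interface with a different service set.
addr_rules eth0 10.0.0.4 22 443
```

The output is plain text, so it can be read or diffed before any of it is run as root.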