Andy Murren wrote: > Do ipchains and iptables understand subinterfaces and can they filter > on those subinterfaces?
No, that's not implemented. But if you have eth0/192.168.0.1 and eth0:0/192.168.0.2 you can filter using the IP adresses, say iptables -A INPUT -if eth0 -d 192.168.0.1 -j ACCEPT iptables -A INPUT -if eth0 -d 192.168.0.2 -j ACCEPT In this way the incoming traffic for those IP's is filtered for the interfaces eth0 and eth0:0 - no other interface is allowed (if you do not have another rule that allows incoming traffic for those IPs on another interface). GTi -- For encrypted messages please use my public key, key-ID: 0xA9E35B01 The fingerprint is A684 87F3 C7AA 9728 3C1B 85BF 0500 B2C7 A9E3 5B01 _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
