On Tue, 2007-03-13 at 22:28 -0400, Tony Nelson wrote:
> I'm reading Rusty Russell's Linux iptables HOWTO now. Section 5 says
> it works on IPs, not on interfaces.

You can make rules that refer to interfaces. They're useful when you want to simply trust/distrust anything on it, or the addresses for it are changeable.

A rule for any incoming ethernet interface:

    iptables --append INPUT --jump DROP --protocol tcp --in-interface eth+

A rule for any incoming eth1 interface:

    iptables --append INPUT --jump DROP --protocol tcp --in-interface eth1

--
(This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.