Hello,

The current version of the address type match lets incoming packets be filtered by address type such as LOCAL (local address of any interface). With the following patches this type check can be limited to the interface the packet is coming in on.

For instance, the following lets SSH in on every interface and nothing else:

iptables -P INPUT DROP
(some additional checks may be here such as -m state --state INVALID -j DROP)
iptables -A INPUT -p tcp -m tcp --dport 22 -m addrtype --dst-type LOCAL --limit-iface -j ACCEPT

If a packet arrives on eth0 with the IP address of eth0 it is accepted, but if it is an address of eth1 it is dropped.

Also it can be used for checking IP spoofing.

Regards,
Attila
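The difference between the plain LOCAL check and the interface-limited one described in the message, as an added example that is not part of the original post or its patches. It is a Python model of the rule semantics, not netfilter code; the interface addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed interface table (documentation address ranges, not from the post).
INTERFACES = {
    "eth0": [ipaddress.ip_address("192.0.2.10")],
    "eth1": [ipaddress.ip_address("198.51.100.10")],
}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    proto: str = "tcp"
    dport: int = 22

def dst_type_local(pkt, limit_iface):
    """Model of '-m addrtype --dst-type LOCAL', optionally with --limit-iface."""
    dst = ipaddress.ip_address(pkt.dst)
    if limit_iface:
        # Only addresses configured on the interface the packet arrived on.
        candidates = INTERFACES.get(pkt.in_iface, [])
    else:
        # Original behaviour: a local address of any interface matches.
        candidates = [a for addrs in INTERFACES.values() for a in addrs]
    return dst in candidates

def input_verdict(pkt, limit_iface=True):
    """INPUT chain from the message: policy DROP plus the single SSH rule."""
    if pkt.proto == "tcp" and pkt.dport == 22 and dst_type_local(pkt, limit_iface):
        return "ACCEPT"
    return "DROP"  # chain policy

if __name__ == "__main__":
    samples = [
        Packet("eth0", "192.0.2.10"),            # eth0's own address
        Packet("eth0", "198.51.100.10"),         # eth1's address arriving on eth0
        Packet("eth1", "198.51.100.10"),         # eth1's own address
        Packet("eth0", "192.0.2.10", dport=80),  # not SSH
    ]
    for p in samples:
        print(p, "limited:", input_verdict(p, True),
              "unlimited:", input_verdict(p, False))
```

The second sample is the case the message singles out: without the interface limit it is accepted because the address is local to some interface, with the limit it falls through to the DROP policy.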