To streamline the firewall I am writing, can I be safe to assume that: CLASS_A="10.0.0.0/8" IF1="eth0" IF2="eth1" (For example, I will drop anything claiming to be from a Class A Private Network on either interface) iptables -A INPUT -i $IF1 -s $CLASS_A -j DROP iptables -A INPUT -i $IF2 -s $CLASS_A -j DROP can be written in one line as: iptables -A INPUT -s $CLASS_A -j DROP This way by not specifying the interface (as it can come from either eth0 or eth1) it will stop completely drop any requests claiming to be from a class A private network?
sure. then just add 192.168/16 and 172.16/12 ;-)
