Steve,

The virtual interface is dealt with in the kernel, iptables doesn't care about it, iptables just knows about the IP. I have many virtual interfaces in rc.local, each associated with a specific IP address. All iptables cares about is the IP address.

What I have is this (I use a script as opposed to /etc/sysconfig/ipchains).

(snip)
LAN_IP="192.168.1.5"
LAN_IP_RANGE="192.168.1.0/24"
LAN_BCAST_ADRESS="192.168.1.255"
LAN_IFACE="eth0"
...
#########################################################################################
#
# Rules for INPUT chain for virtual interfaces
#
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -s $LAN_IP_RANGE -d $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP_RANGE -d $LAN_IP_RANGE -j ACCEPT
#
# Rules for OUTPUT chain for virtual interfaces
#
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP_RANGE -j ACCEPT
#
#########################################################################################
#
# Rules for special networks not part of the Internet
#
...
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
...
(snip)

Hope this is what you were after, it works fine for me!

Murrah Boswell

Steve M Bibayoff wrote:
>
> Sorry if everyone gets this twice, this one is a
> second posting when I realized this was a closed list.
>
> Original question:
> Is it possible to use iptables with a device alias
> (ex. eth0:1)? I tried to add a filter rule and got
> an error:
> % iptables -t filter -I INPUT -i eth0:1 -j ACCEPT
> Warning: wierd character in interface `eth0:1' (No
> aliases, :, ! or *).
>
> If I list the rules, it's listed, but it doesn't
> appear to be working. I was wondering if someone had
> a definite answer.
>
> TIA
>
> Steve
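An added example, not part of the original message or either poster's script: a rule written against an alias such as eth0:1 can be expressed as a match on the parent device plus the alias's address, which is the approach the reply describes. The function name alias_match and the alias-to-address table (192.168.1.6, 192.168.1.7) are constructed for illustration.

```shell
#!/bin/sh
# Translate an alias-style interface name (eth0:1) into iptables match
# arguments on the parent device plus the alias's IP address.
# ALIAS_TABLE is constructed sample data: "<alias> <address>" per line.
ALIAS_TABLE='eth0:1 192.168.1.6
eth0:2 192.168.1.7'

# alias_match DIRECTION IFACE
#   DIRECTION "in"  -> -i <dev> -d <addr>  (INPUT-style rules)
#   DIRECTION "out" -> -o <dev> -s <addr>  (OUTPUT-style rules)
#   Prints the match arguments; returns 1 if the alias has no known address.
alias_match() {
    dir=$1
    iface=$2
    case $dir in
        in)  ifopt=-i; addropt=-d ;;
        out) ifopt=-o; addropt=-s ;;
        *)   echo "alias_match: direction must be in or out" >&2; return 2 ;;
    esac
    case $iface in
        *:*)
            # The kernel sees traffic on the parent device, so match on it.
            parent=${iface%%:*}
            addr=$(printf '%s\n' "$ALIAS_TABLE" |
                   awk -v a="$iface" '$1 == a { print $2 }')
            [ -n "$addr" ] || {
                echo "alias_match: no address for $iface" >&2
                return 1
            }
            printf '%s %s %s %s\n' "$ifopt" "$parent" "$addropt" "$addr"
            ;;
        *)
            # Plain device name: nothing to translate.
            printf '%s %s\n' "$ifopt" "$iface"
            ;;
    esac
}

# Print the resulting rule rather than running iptables (no root needed).
echo "iptables -A INPUT $(alias_match in eth0:1) -j ACCEPT"
```

Failing on an unknown alias, rather than falling back to the bare parent device, avoids silently emitting a rule that accepts traffic for every address on that device.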