I have a well behaved bridge firewall using 2.4.22 with the relevant P-O-M patches applied. In testing 2.6.0-test9 I have determined that interface specification on a rule no longer works. For example, the first rule in the set that should catch 99% of all inbound TCP packets is iptables -A FORWARD -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT If the interface is specifed, then this rule does not accrue any packets. Is this an expected change in behavior from 2.4.22? -- Tim Gardner - timg@xxxxxxx 406-443-5357 TriplePoint, Inc. - http://www.tpi.com PGP: http://www.tpi.com/PGP/Tim.txt
