Actually, couldn't this be just a 2.6.x change? (I never saw the rules go by...) I thought I saw a message go by earlier to that effect. Something about the syntax and needing '--physdev' and '-i' both, or something? I could search the archives, I guess, but instead I suggest Gonya give that a go.

Bob

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone
Sent: Friday, January 02, 2004 8:03 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: [despammed] -i and -o options for iptables FORWARD chain

On Friday 02 January 2004 1:30 pm, Andreas Kretschmer wrote:

> On Wed, 31.12.2003, at 15:36:34 -0800, Gongya Yu wrote the following:
> > Hi, I just updated Linux kernel to 2.6.0 with iptables and ebtables
> > enabled.
>
> I'm using iptables on 2.4.x, possibly there are differences with 2.6.x.
>
> > But iptables ignores -i and -o options for FORWARD chain. Whenever I use
> > something like -i eth0 or -o eth0, the rule is just ignored.
>
> RTFM!
>
> -i is only for INPUT, FORWARD and PREROUTING
> -o is only for FORWARD, OUTPUT and POSTROUTING

Are you suggesting that -i and -o cannot be used in FORWARD?

As far as I can see the syntax of the rule Gonya posted is perfectly okay.

Antony.

--
Christmas is an opportunity to upgrade to kernel 2.6 while no-one's around to notice the downtime.

Please reply to the list; please don't CC me.