The -i is for interfaces only, not IP aliases.

Try

iptables -A INPUT -p icmp -i eth0 -d 192.168.1.1 -j DENY
iptables -A INPUT -p icmp -i eth0 -d 192.168.2.1 -j ACCEPT

And, I don't think there is such a thing called DENY unless you -N it.

On Thu, 14 Oct 2004 23:55:35 -0400, Chris Verges <squirrel@xxxxxxxxxxx> wrote:
> Hey,
>
> Is there a way to add firewall rules for subinterfaces? I'm
> trying to do the equivalent of:
>
> eth0 Intel Pro 10/100
> eth0:0 192.168.1.1
> eth0:1 192.168.2.1
>
> iptables -A INPUT -p icmp -i eth0:0 -j DENY
> iptables -A INPUT -p icmp -i eth0:1 -j ACCEPT
>
> When I try to do this at the command line, iptables spits back
> an error about how colons (:) are not allowed in the interface
> name. That brings up the interesting question of how to do this
> whole thing ...
>
> Any advice or insight is greatly appreciated!
>
> Thanks,
>
> chris
> --
> http://headnut.org
> squirrel@xxxxxxxxxxx
>
>

--
Bla bla
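
Added example, not part of the original thread: a dry-run helper that resolves an alias label such as eth0:0 to its address and prints the rule matching on the parent interface plus -d, as the reply suggests. The function names alias_addr and alias_rule are hypothetical, the address listing is constructed sample data shaped like `ip -o -4 addr show dev eth0` output, and DROP (an iptables built-in target) is assumed in place of DENY.

```shell
#!/bin/sh
# Added example: resolve alias labels (eth0:0) to the -d match iptables needs.

# Constructed sample, shaped like `ip -o -4 addr show dev eth0` output.
SAMPLE_ADDRS='2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0:0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.2.1/24 brd 192.168.2.255 scope global eth0:1\       valid_lft forever preferred_lft forever'

# alias_addr LABEL: read an address listing on stdin and print the IPv4
# address carrying that label, prefix length stripped. Exit 1 if absent.
alias_addr() {
    awk -v want="$1" '
        {
            addr = ""; label = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "inet") addr = $(i + 1)
                if ($i == "valid_lft") label = $(i - 1)
            }
            sub(/\\$/, "", label)       # -o mode leaves a trailing backslash
            sub(/\/[0-9]+$/, "", addr)  # drop the /prefix
            if (label == want && addr != "") { print addr; found = 1; exit }
        }
        END { exit !found }
    '
}

# alias_rule LABEL TARGET: print (do not run) the rule for one alias, matching
# on the parent interface plus destination address instead of "-i eth0:N".
alias_rule() {
    parent=${1%%:*}
    addr=$(alias_addr "$1") || { echo "no address labelled $1" >&2; return 1; }
    echo "iptables -A INPUT -p icmp -i $parent -d $addr -j $2"
}

# Dry run against the constructed listing; on a live host, feed the real
# `ip -o -4 addr show dev eth0` output instead.
printf '%s\n' "$SAMPLE_ADDRS" | alias_rule eth0:0 DROP
printf '%s\n' "$SAMPLE_ADDRS" | alias_rule eth0:1 ACCEPT
```

The rules are only printed, so the output can be reviewed before anything is loaded into the INPUT chain.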