netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote:

>> A multi-homed firewall, having at least two interfaces, is known, at
>> least to itself, by those IP/hostname combos assigned to its
>> interfaces <i.e. ppp0 and eth0>. So say rules coming from the ppp0
>> interface into the firewall <INPUT rules> are directed to its other
>> name/interface
>>
>> -i /dev/ppp0 -d /dev/eth0
>
> well--those values make no sense whatsoever, but if you're
> asking if the following is valid:
>
> iptables -A INPUT -i ppp0 -d $IP_OF_ETH0 -j ACCEPT
>
> then yes. the INPUT chain is traversed by packets destined
> for a local process (IP addresses). the input interface is
> just a tag attached to the packet.

I'm not sure I understand this: I agree it's a valid rule (syntax), but
I don't think it will ever match a packet. If -i and -d are specified,
they both have to match to accept a packet, right? Because <ip_eth0> is
not assigned to ppp0, how can -i ppp0 -d <ip_eth0> ever match for the
INPUT chain?

Gr,
Rob
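The disagreement above is settled by observation rather than by syntax, so here is an added example (editor's script, not part of the thread or of any netfilter project code) that builds the two-interface firewall from the discussion out of network namespaces and veth pairs, installs both `-i ppp0 -d $IP_OF_ETH0` and, for comparison, `-i eth0 -d $IP_OF_ETH0`, sends packets from the "ppp0" side to eth0's address, and reads the per-rule packet counters. The interface names `ppp0`/`eth0`, the namespace names `fw`/`wan`/`lan` and the 10.1.0.0/24 and 10.2.0.0/24 addresses are assumptions chosen to mirror the thread; "ppp0" here is a veth, not a real PPP link. The reason the experiment is worth running is that Linux follows the weak host model: a packet addressed to any address the host owns is delivered locally (and so traverses INPUT) whatever interface it arrived on, unless reverse-path filtering or routing policy rejects it first, so the first rule is not dead. Run it as root with `--run`; without that flag the script only defines its functions and a constructed sample listing used for the offline check.

```shell
#!/bin/sh
# Added example: does "-i ppp0 -d <ip of eth0>" ever match in INPUT?
# Requires root, iproute2 and iptables when run with --run.

FW_PPP0_IP=10.1.0.1   # assumed address on the firewall's "ppp0" (a veth here)
FW_ETH0_IP=10.2.0.1   # assumed address on the firewall's eth0

# rule_pkts IFACE: read "iptables -L INPUT -v -n -x" output on stdin and
# print the packet counter of the first rule whose "in" column is IFACE.
# Columns: pkts bytes target prot opt in out source destination.
rule_pkts() {
    awk -v ifc="$1" '$6 == ifc { print $1; exit }'
}

# Constructed sample listing (not captured from a real host) so the parser
# can be exercised without root; the counters are invented for the check.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3      252 ACCEPT     all  --  ppp0   *       0.0.0.0/0            10.2.0.1
       0        0 ACCEPT     all  --  eth0   *       0.0.0.0/0            10.2.0.1'

run_demo() {
    # Tear everything down on exit, including after a failure.
    trap 'for ns in fw wan lan; do ip netns del "$ns" 2>/dev/null; done' EXIT
    ip netns add fw; ip netns add wan; ip netns add lan

    # wan0 <-> ppp0 (firewall), lan0 <-> eth0 (firewall).
    ip link add wan0 type veth peer name fwppp0
    ip link add lan0 type veth peer name fweth0
    ip link set wan0 netns wan;   ip link set fwppp0 netns fw
    ip link set lan0 netns lan;   ip link set fweth0 netns fw
    ip -n fw link set fwppp0 name ppp0
    ip -n fw link set fweth0 name eth0

    ip -n fw addr add "$FW_PPP0_IP/24" dev ppp0
    ip -n fw addr add "$FW_ETH0_IP/24" dev eth0
    ip -n wan addr add 10.1.0.2/24 dev wan0
    ip -n lan addr add 10.2.0.2/24 dev lan0
    for ns in fw wan lan; do ip -n "$ns" link set lo up; done
    ip -n fw link set ppp0 up; ip -n fw link set eth0 up
    ip -n wan link set wan0 up; ip -n lan link set lan0 up

    # The wan host reaches eth0's subnet through the firewall's ppp0 address,
    # so its packets to $FW_ETH0_IP arrive on ppp0.
    ip -n wan route add 10.2.0.0/24 via "$FW_PPP0_IP"

    # The rule from the thread, plus the eth0 variant for comparison.
    ip netns exec fw iptables -A INPUT -i ppp0 -d "$FW_ETH0_IP" -j ACCEPT
    ip netns exec fw iptables -A INPUT -i eth0 -d "$FW_ETH0_IP" -j ACCEPT

    # Three echo requests from the ppp0 side, addressed to eth0's IP.
    ip netns exec wan ping -c 3 -W 1 "$FW_ETH0_IP" >/dev/null || true

    listing=$(ip netns exec fw iptables -L INPUT -v -n -x)
    printf '%s\n' "$listing"
    echo "matched by -i ppp0 -d $FW_ETH0_IP: $(printf '%s\n' "$listing" | rule_pkts ppp0)"
    echo "matched by -i eth0 -d $FW_ETH0_IP: $(printf '%s\n' "$listing" | rule_pkts eth0)"
}

if [ "${1:-}" = "--run" ]; then
    run_demo
fi
```

If the ppp0 counter stays at zero on a given host, look at `net.ipv4.conf.ppp0.rp_filter` and any policy routes before concluding the rule is dead: those are the mechanisms that can discard such a packet before it reaches INPUT, and they, not the interface/address pairing, decide the outcome.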