Re: interface vs ip


 



P theodorou wrote:
I'm new to this, therefore I need to clarify the following:

1) Can I send or receive packets from interface to IP and vice versa

or only to interfaces and only to IPs

2)

I want to let icmp packets from 192.168.0.1(eth1) to 192.168.1.1(eth2)

is it safer to declare

iptables -A INPUT  -i eth1   -o eth2 -J ACCEPT

or
iptables -A INPUT -s 192.168.0.1 -d 192.168.1.1

It depends on what you really want to do. If you want to control the flow on the level of physical interfaces, you use -i and -o. If you want to control on the level of IP addresses, you use -s and -d. But that you already know. You can also combine both forms to, for example, filter out traffic which comes from a physical interface, but from IPs not belonging to this network. Or other similar things. Anyway, it's up to you to decide which form is appropriate for what you want to achieve. Remember though, that you can use -s and -d in any table/chain (correct me if I'm wrong) regardless of whether it makes sense or not (already NATted or not yet and so on), but physical interfaces are limited to those tables/chains they make sense in. So you cannot use input interface in POSTROUTING because netfilter simply doesn't know which interface the packet came from.
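
The chain restriction described in the reply above, as an added example that is not part of the original thread: a small shell check that flags `-i`/`-o` used in a built-in chain where that interface is not known. The function name `check_rule`, the 192.168.0.0/24 subnet and sample rules 2-4 are assumptions made for illustration; rule 1 is the one from the question.

```shell
#!/bin/sh
# Added example (not from the original post): lint -i/-o against the chain.
# Packets in PREROUTING/INPUT have no output interface yet; packets in
# OUTPUT/POSTROUTING have no input interface. FORWARD knows both.
# Custom chains cannot be judged from one line and are reported "ok".

check_rule() {
    # $1: one iptables command line. Prints a verdict; returns 1 if invalid.
    chain="" in_if="" out_if="" prev=""
    set -f                      # no glob expansion while word-splitting $1
    for word in $1; do
        case "$prev" in
            -A|-I|-C|-D) chain=$word ;;
            -i|--in-interface) in_if=$word ;;
            -o|--out-interface) out_if=$word ;;
        esac
        prev=$word
    done
    set +f
    if [ -z "$chain" ]; then
        echo "bad: no chain given"; return 1
    fi
    case "$chain" in
        INPUT|PREROUTING)
            if [ -n "$out_if" ]; then
                echo "bad: -o $out_if cannot be used in $chain"; return 1
            fi ;;
        OUTPUT|POSTROUTING)
            if [ -n "$in_if" ]; then
                echo "bad: -i $in_if cannot be used in $chain"; return 1
            fi ;;
    esac
    echo "ok"
}

# Rule 1 is the one from the question; rules 2-4 are constructed samples.
while IFS= read -r rule; do
    printf '%-75s => %s\n' "$rule" "$(check_rule "$rule" || true)"
done <<'EOF'
iptables -A INPUT -i eth1 -o eth2 -J ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -s 192.168.0.1 -d 192.168.1.1 -p icmp -j ACCEPT
iptables -t nat -A POSTROUTING -i eth1 -j MASQUERADE
iptables -A INPUT -i eth1 ! -s 192.168.0.0/24 -j DROP
EOF
```

Rule 2 shows the combined form for routed traffic between the two interfaces, and rule 4 the combination the reply mentions: traffic arriving on an interface from addresses that do not belong to its network.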


