pankaj jain írta:
Hi, I was trying to drop arp packets such that only specific interface should answer the arp requests. I added following rules in input chain. -j DROP -i !eth1 -o * -d 10.19.1.102 --opcode 1 , pcnt=0 -- bcnt=0 -j DROP -i !eth2 -o * -d 10.19.51.102 --opcode 1 , pcnt=0 -- bcnt=0
I think that this should be in THIS form: -j DROP ! -i eth1 ....
as packet count suggests these are not matching against any packet. when I do arping from other machine to the 10.19.1.102 (assigned to the eth1 interface) arp requests are responded from eth0 (ip-10.19.0.102). why the rules are not having any effect
Swifty
