On 8/14/07, Gáspár Lajos <swifty@xxxxxxxxxxx> wrote:
> pankaj jain wrote:
> > Hi,
> > I was trying to drop ARP packets such that only a specific interface
> > should answer the ARP requests.
> > I added the following rules in the INPUT chain.
> > -j DROP -i !eth1 -o * -d 10.19.1.102 --opcode 1 , pcnt=0 -- bcnt=0
> > -j DROP -i !eth2 -o * -d 10.19.51.102 --opcode 1 , pcnt=0 -- bcnt=0
> >
> I think that this should be in THIS form:
>
> -j DROP ! -i eth1 ....
>
> > As the packet count suggests, these are not matching against any packet.
> > When I do arping from another machine to 10.19.1.102 (assigned to
> > the eth1 interface),
> > ARP requests are responded to from eth0 (ip-10.19.0.102).
> > Why are the rules not having any effect?
>
> Swifty
>

I tried
arptables -A INPUT ! -i eth1 --opcode Request -d 10.19.1.102 -j DROP
but it was not working.
When I do "arptables -L -nvx" it shows:
-j DROP -i eth1 -o !* -d 10.19.1.102 --opcode 1 , pcnt=0 -- bcnt=0

--
Thanks
Pankaj Jain