On 8/14/07, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 08/14/07 01:45, pankaj jain wrote:
> > I was trying to drop arp packets such that only specific interface
> > should answer the arp requests.
>
> Will you please elaborate a bit more on why you are trying to accomplish
> this and what your situation is? I feel like there is more to this
> puzzle that will help us help you. For example, do you have multiple
> (VLAN) physical interfaces on the same subnet or do you have an overly
> large netmask that encompasses both IPs in your post?
>
> Grant. . . .
>

I have a machine with 3 interfaces:

eth0: 10.19.0.102 mask (255.255.255.0)
eth1: 10.19.1.102 mask (255.255.255.0)
eth2: 10.29.51.102 mask (255.255.255.0)

All three are connected to the same switch (no VLANs configured). I want ARP requests to be answered by the associated interface only, and not by the other interfaces.

I have added the following rules:

arptables -A INPUT -i eth0 --opcode Request -d 10.19.0.102 -j ACCEPT
arptables -A INPUT -i eth1 --opcode Request -d 10.19.1.102 -j ACCEPT
arptables -A INPUT -i eth2 --opcode Request -d 10.19.51.102 -j ACCEPT
arptables -A INPUT -i !eth0 --opcode Request -d 10.19.0.102 -j DROP
arptables -A INPUT -i !eth1 --opcode Request -d 10.19.1.102 -j DROP
arptables -A INPUT -i !eth2 --opcode Request -d 10.19.51.102 -j DROP

The DROP rules with [!] are not working. But if I remove the interface part, it works fine:

arptables -A INPUT -i eth0 --opcode Request -d 10.19.0.102 -j ACCEPT
arptables -A INPUT -i eth1 --opcode Request -d 10.19.1.102 -j ACCEPT
arptables -A INPUT -i eth2 --opcode Request -d 10.19.51.102 -j ACCEPT
arptables -A INPUT --opcode Request -d 10.19.0.102 -j DROP
arptables -A INPUT --opcode Request -d 10.19.1.102 -j DROP
arptables -A INPUT --opcode Request -d 10.19.51.102 -j DROP

--
Thanks
Pankaj Jain
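The following is an added example, not part of the thread: a small first-match evaluator that models the arptables INPUT chain and checks that the two rule sets above (negated-interface DROPs versus unconditional DROPs after the per-interface ACCEPTs) encode the same per-interface ARP policy. It uses the interface-to-address pairs exactly as written in the rules, assumes a chain default policy of ACCEPT for addresses no rule mentions, and does not model how a given arptables version parses the "!" syntax.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    """One arptables INPUT rule: optional (possibly negated) ingress
    interface match (-i), target IP match (-d) and a verdict (-j)."""
    iface: Optional[str]   # None models a rule with no -i at all
    negate: bool           # True models "-i !ethN"
    target_ip: str
    verdict: str           # "ACCEPT" or "DROP"

    def matches(self, in_iface: str, target_ip: str) -> bool:
        if target_ip != self.target_ip:
            return False
        if self.iface is None:
            return True
        hit = in_iface == self.iface
        return (not hit) if self.negate else hit

def evaluate(rules: List[Rule], in_iface: str, target_ip: str,
             policy: str = "ACCEPT") -> str:
    """First matching rule wins; unmatched requests get the chain policy
    (assumed ACCEPT here, the usual default)."""
    for r in rules:
        if r.matches(in_iface, target_ip):
            return r.verdict
    return policy

# Interface/address pairs as written in the post's rules (constructed input)
BINDINGS = [("eth0", "10.19.0.102"), ("eth1", "10.19.1.102"),
            ("eth2", "10.19.51.102")]

ACCEPTS = [Rule(i, False, ip, "ACCEPT") for i, ip in BINDINGS]
# First rule set: DROP a request for an address arriving on any other interface
NEGATED_DROPS = ACCEPTS + [Rule(i, True, ip, "DROP") for i, ip in BINDINGS]
# Second rule set: unconditional DROP, relying on the ACCEPTs matching first
PLAIN_DROPS = ACCEPTS + [Rule(None, False, ip, "DROP") for _, ip in BINDINGS]

def intended(in_iface: str, target_ip: str) -> str:
    """The policy the post asks for: only the owning interface answers."""
    return "ACCEPT" if (in_iface, target_ip) in BINDINGS else "DROP"

def rulesets_equivalent() -> bool:
    """True if both rule sets yield the intended verdict for every
    ingress-interface / target-address combination in BINDINGS."""
    for in_iface, _ in BINDINGS:
        for _, target_ip in BINDINGS:
            want = intended(in_iface, target_ip)
            if evaluate(NEGATED_DROPS, in_iface, target_ip) != want:
                return False
            if evaluate(PLAIN_DROPS, in_iface, target_ip) != want:
                return False
    return True
```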