Possible IPTables bug in INPUT interface filtering?

Hello IPFilter Guru World,

I've encountered some strangeness in filtering on a multihomed Linux
box, CentOS 5, x86_64, 2.6.18-164.15.1.el5, where using the interface
flag (-i) does not work.

So this box has two interfaces on the local subnet, eth0 and eth1. I
would like to restrict VNC to only one of the interfaces, eth1. At the
start, VNC does not work. So I add this:

-A INPUT -i eth1 -p tcp -m multiport --port 5900 -j ACCEPT

Then, VNC starts working on eth0 AND eth1. Since I know the address of
eth1, I then put it in explicitly as:

-A INPUT -i eth1 -p tcp -d 192.168.1.34 -m multiport --port 5900 -j ACCEPT

Amazingly, this works and now VNC traffic is only allowed on eth1
(address 192.168.1.34). So I believe I am concluding correctly that
interface filtering *does not work* for INPUT statements in multihomed
machines. I also wonder if it does not work at all for any interface.

This is with IPTables 1.3.5. It is a real PITA since I have to rewrite
all my rules for specific IPs and then bind my adapters to those IPs.
Any meaningful comments are appreciated, even if I am really off base
here.

Thanks!

-- IngyHere
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
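An added diagnostic for the situation described above; this is editor-supplied example code, not part of the original post or of the netfilter project. On a Linux host with two interfaces on the same subnet, the kernel by default answers ARP requests for any local address on any interface (`net.ipv4.conf.*.arp_ignore` is 0), so a neighbour may cache the eth1 MAC for the eth0 address and a connection to the eth0 address then really arrives on eth1, where it matches `-i eth1`. The way to see which interface a connection actually entered on is the per-rule packet counters that `iptables -vnL INPUT` prints. The script below parses that output format; the sample text it parses is constructed, not captured from the poster's machine, and the function names are this example's own.

```python
import re

# Constructed sample of `iptables -vnL INPUT` output (not taken from the post).
# Column order: pkts bytes target prot opt in out source destination [match details]
SAMPLE_OUTPUT = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  3360 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            multiport ports 5900
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            multiport ports 5900
  118  9440 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
"""

# One rule line of `iptables -vnL`; the trailing match details are optional.
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$"
)

# `iptables -vnL` abbreviates large counters with K/M/G (multiples of 1000) unless -x is given.
SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def counter_value(token):
    """Convert a counter token such as '42', '3K' or '12M' to an int."""
    if token[-1] in SUFFIX:
        return int(token[:-1]) * SUFFIX[token[-1]]
    return int(token)


def parse_rules(text):
    """Return one dict per rule line; the chain header and column header are skipped."""
    rules = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("Chain") or stripped.startswith("pkts"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rules.append({
            "pkts": counter_value(m["pkts"]),
            "bytes": counter_value(m["bytes"]),
            "target": m["target"],
            "proto": m["prot"],
            "in": m["in"],
            "out": m["out"],
            "src": m["src"],
            "dst": m["dst"],
            "extra": m["extra"].strip(),
        })
    return rules


def packets_by_ingress(rules, port):
    """Sum the packet counters per ingress interface over the rules that name `port`.

    A rising count on the `-i eth1` rule after connecting to the eth0 address means
    the packets entered through eth1, i.e. the interface match is doing its job.
    """
    totals = {}
    for r in rules:
        # Match details such as "multiport ports 5900,5901" are split on space and comma.
        if port in re.split(r"[\s,]+", r["extra"]):
            totals[r["in"]] = totals.get(r["in"], 0) + r["pkts"]
    return totals


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_OUTPUT)
    for iface, n in packets_by_ingress(parsed, "5900").items():
        print(f"{iface}: {n} packets matched a port-5900 rule")
```

To use it against a live box: zero the counters with `iptables -Z INPUT`, open one VNC connection to the eth0 address, then feed `iptables -vnL INPUT` to `parse_rules`. If the `eth1` total moves while the `eth0` total stays at zero, the packets genuinely arrived on eth1 and the `-i` match is correct; the fix is then on the ARP side rather than in the filter rules, for which the kernel provides `net.ipv4.conf.all.arp_ignore=1` and `net.ipv4.conf.all.arp_announce=2` so that each interface only answers ARP for its own address.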
