Hello, I am new to iptables but I know it well. In my suggestion, here:

    x.x.x.10 <== eth0
    x.x.x.20 <== eth1 <---> If we want to deny/restrict this ethernet card.

    # iptables -I INPUT -p tcp --dport 5900 -d x.x.x.20 -j DROP
    # iptables -I OUTPUT -p tcp --sport 5900 -s x.x.x.20 -j DROP

*** Default policies of INPUT and OUTPUT must be ACCEPT

NOTE: -i also does not work when we have two virtual IPs like eth0 and eth0:1. In this case the first rule will be applied whichever interface is written, i.e. eth0 or eth0:1.