On Wednesday 2010-04-21 23:30, Richard Horton wrote:
>On 21 April 2010 19:27, Narendra Choyal <narendrachoyal@xxxxxxxxx> wrote:
>
>> NOTE :
>> -i also not work when we have two virtual IPs like eth0 and eth0:1 .
>> In this case first rule will be applied whatever the interface is
>> written i.e eth0 or eth0:1 .
>
>Might be totally off base but have vague memories that the virtual
>interface can't be filtered using -i / -o.

Because they are _NOT_ interfaces. Please, stop using tools like
ifconfig. Their ioctls don't deal with multiple addresses and
thus use fugly hacks like making up interfaces that are not
really there and confusing the hell outta users.
(Use iproute2 instead.)
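The point made in the message above, as an added example that is not part of the original thread: an `eth0:1` label is only a name attached to a second address on `eth0`, so a rule meant for it has to name the real device and select the address. Matching the address with `-d` is this example's substitution, not something the thread prescribes; the helper name `rewrite_alias_rules`, the addresses (documentation range) and both sample inputs are constructed.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show`: one device (eth0) with two
# addresses; the second carries the label eth0:1 that ifconfig shows as an
# "interface".
IP_ADDR_SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:1\       valid_lft forever preferred_lft forever'

# Constructed rules in iptables-save syntax; the second names the label.
RULES_SAMPLE='-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0:1 -p tcp --dport 80 -j DROP'

# rewrite_alias_rules ADDRS RULES  (hypothetical helper)
# Turns "-i <dev>:<n>" into "-i <dev> -d <address carrying that label>".
# A label with no known address is not guessed: the rule is flagged instead.
rewrite_alias_rules() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { rules = 1; next }
        !rules {
            sub(/\\.*/, "")            # drop the "\ valid_lft ..." tail of -o output
            if (NF < 4) next
            split($4, a, "/")          # $4 is address/prefix
            dev[$NF] = $2              # $2 is the real device, $NF the label
            addr[$NF] = a[1]
            next
        }
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-i" && $(i + 1) ~ /:/) {
                    l = $(i + 1)
                    if (!(l in addr)) {
                        print "# UNRESOLVED label " l ": " $0
                        next
                    }
                    $(i + 1) = dev[l] " -d " addr[l]
                }
            }
            print
        }'
}

rewrite_alias_rules "$IP_ADDR_SAMPLE" "$RULES_SAMPLE"
```

On a live host the first argument would be the output of `ip -o -4 addr show` and the second the relevant lines of `iptables-save`.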