On Monday 2011-06-20 17:39, icukeng@xxxxxxxxx wrote:

> If ssh listens only on 192.168.229.131 at port 22, these rules are equivalent.
> Otherwise some user from another network (on another NIC) can connect.
>
> Another nuance is the possibility of IP/ARP spoofing: you can get
> 192.168.229.131 from eth1.

You can even get them without spoofing, by load-balancing, in which case the rules are not equivalent either.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
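The precondition quoted above ("if ssh listens only on 192.168.229.131 at port 22") is something you can check on the host rather than assume. The script below is an added example, not code from the thread or from netfilter: it parses `ss -ltnH` style listener lines and reports whether every port-22 listener is bound to the one address, which is the only case in which an address match (`-d 192.168.229.131`, assumed here to be one of the two rules under discussion) and an interface match (`-i eth1`, likewise assumed) select the same traffic. The sample listener lines are constructed, not captured from a real host. As the reply notes, this check says nothing about the address being reachable over a second interface through spoofing or load-balancing; that is a property of the network, not of the socket.

```shell
#!/bin/sh
# Added example: decide whether sshd is pinned to a single local address.
# Assumed rule shapes from the discussion (not shown on this page):
#   iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
#   iptables -A INPUT -d 192.168.229.131 -p tcp --dport 22 -j ACCEPT
# They only select the same packets when sshd cannot be reached on any
# other local address, i.e. when it is not bound to 0.0.0.0 or [::].

# Constructed sample of `ss -ltnH` output (State Recv-Q Send-Q Local Peer).
SS_SAMPLE_WILDCARD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*'

# Constructed sample where sshd is bound only to 192.168.229.131.
SS_SAMPLE_PINNED='LISTEN 0 128 192.168.229.131:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*'

# ssh_listen_addrs TEXT
# Print the local address of every LISTEN socket on port 22, one per line.
# The port is the text after the last ':' in field 4, so "[::]:22" and
# "192.168.229.131:22" are both handled.
ssh_listen_addrs() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, p, ":")
            if (p[n] == "22") { sub(/:[^:]*$/, "", $4); print $4 }
        }'
}

# ssh_bound_only_to ADDR TEXT
# Exit 0 when there is at least one port-22 listener and all of them are
# bound to ADDR; exit 1 otherwise (wildcard bind, extra addresses, or no sshd).
ssh_bound_only_to() {
    ssh_listen_addrs "$2" | awk -v want="$1" '
        { n++; if ($0 != want) bad = 1 }
        END { exit (n > 0 && !bad) ? 0 : 1 }'
}

# ssh_rule_verdict ADDR TEXT
# Human-readable summary for the two rule shapes above.
ssh_rule_verdict() {
    if ssh_bound_only_to "$1" "$2"; then
        echo "sshd bound only to $1: -d $1 and -i <nic> select the same traffic"
    else
        echo "sshd reachable on other local addresses: -d $1 and -i <nic> are NOT equivalent"
    fi
}

# On a live host you would feed real output instead of the samples:
#   ssh_rule_verdict 192.168.229.131 "$(ss -ltnH)"
ssh_rule_verdict 192.168.229.131 "$SS_SAMPLE_WILDCARD"
ssh_rule_verdict 192.168.229.131 "$SS_SAMPLE_PINNED"
```

Even when the check passes, the reply's point stands: a bonded or otherwise load-balanced setup can deliver packets for 192.168.229.131 over eth1, so the interface-based rule is the one that actually restricts where the connection arrives from.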