Re: Using interface name as a command line option to create a iptables rule

Hi


> The two sets certainly can be different (mathematically), so choose
> wisely. Especially since addresses can occur on any interface.


Currently we are not using DHCP to get IP addresses. So for us, it is
always eth0 with 192.168.229.131 and eth1 with 192.168.124.135
address.

We wanted to know the difference between option 1 and option 2
(mentioned in the first mail of this mail chain) with respect to
security of the system.

> Another nuance is possibility of ip/arp spoofing - you can get 192.168.229.131 from eth1.

Because of the above reason, do we compromise the security of our
system if we don't use the interface name while enabling a port?

Thanks and regards,
Adishesh