[H-GEN] IPTables problem

Snowy Angeilque Maslov aka 'Snowpony' snowy at snowy.org
Mon Jul 19 19:55:13 EDT 2004


Robert Brockway said the following on 20/07/2004 9:50 AM:

> From man iptables:
> 
>  -i, --in-interface [!] name
>               Name of an interface via which a packet is going to
>               be received (only for packets entering  the  INPUT,
>               FORWARD and PREROUTING chains).  When the "!"
>               argument is used before the interface name,  the  sense
>               is  inverted.  If the interface name ends in a "+",
>               then any interface which begins with this name will
>               match.   If  this  option is omitted, any interface
>               name will match.
> 
> The + option links the rule to any matching interface so without the +
> option it must be specific to a particular interface (alias or not), or
> so goes my logic.  I suppose this could be talking about eth+ rather than
> eth0+.  I haven't tried this but I may indeed do so when I get the time.


It is indeed talking about eth+ and similar interfaces.  This option is quite
commonly used on ppp interfaces since pppd may not always bind to a specific
ppp interface.  Instead of reloading your firewall rules with the updated name
for the ppp interface you are using, a lot of people instead just use 'ppp+'.

Of course this only works if you normally only have a single ppp session on 
that particular machine.

-- 
Snowy "Snowpony" Angelique Cerise Maslov -- http://snowy.org/email.signature
PGP (GnuPG) fingerprint = 5280 6EBC D281 A9D2 564B  E274 B2EC 54C3 8325 CECD
Email not addressed/CCd to snowy at snowy.org BOUNCE.  READ URL for disclaimer!
    "Ignorance killed the cat, sir. Curiosity was framed." ---C.J. Cherryh

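Added example, not part of the original post: a small shell check that applies the matching rule from the quoted man page text (trailing "+" means prefix match, otherwise exact name) to a list of interface names, so you can see which interfaces a rule written with 'ppp+' would cover. The function names and the sample interface list are constructed for illustration.

```shell
#!/bin/sh
# iface_matches PATTERN NAME
# Returns 0 if NAME is selected by an iptables -i PATTERN, per the man page:
# a trailing "+" selects any interface whose name begins with the part
# before it; without "+", the name must be identical.
iface_matches() {
    m_pattern=$1
    m_name=$2
    case $m_pattern in
        *+)
            m_prefix=${m_pattern%+}
            case $m_name in
                "$m_prefix"*) return 0 ;;
                *) return 1 ;;
            esac
            ;;
        *)
            [ "$m_pattern" = "$m_name" ]
            ;;
    esac
}

# covered_ifaces PATTERN NAME...
# Prints (space-separated) every NAME that PATTERN selects.
covered_ifaces() {
    c_pattern=$1
    shift
    c_out=
    for c_name in "$@"; do
        if iface_matches "$c_pattern" "$c_name"; then
            c_out="${c_out:+$c_out }$c_name"
        fi
    done
    printf '%s\n' "$c_out"
}

# Constructed sample: a host that happens to have two ppp sessions up.
SAMPLE_IFACES="lo eth0 eth1 ppp0 ppp1"

# 'ppp+' covers both sessions, so a rule written for "the" ppp link
# silently applies to the second one as well; 'ppp0' covers only one.
for pat in 'ppp+' 'ppp0' 'eth+' 'eth0+'; do
    # shellcheck disable=SC2086  # word splitting of the sample list is intended
    printf '%-6s -> %s\n' "$pat" "$(covered_ifaces "$pat" $SAMPLE_IFACES)"
done
```

On a Linux host the live names can be passed instead of the sample list, for example `covered_ifaces 'ppp+' $(ls /sys/class/net)`.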



