Hi da_bug, * Sun, 30 Dec 2001 15:39:48 +0100 da_bug wrote:

If I want to block e.g. telnet for my two ippp-devices I do it this way (this works very good :)):

iptables -A INPUT -i ippp0 -p tcp --dport 23 -j DROP iptables -A INPUT -i ippp1 -p tcp --dport 23 -j DROP

So my question: Is there a way that I don't need to write a rule for every single interface?

Perhaps you'll write a bash/shell script for your firewall, so it's easy to do as you like: DEVICES="ippp1 ippp2 ippp3 ippp4" for DEV in $DEVICES do iptables -A INPUT -i $DEV -p tcp --dport 23 -j DROP done

Something like "iptables -A INPUT -i ippp0,ippp1 -p tcp --dport 23 -j DROP" (I know this does not work)

Simply NO! HTH, Johannes