I'd like to make firewall-filtering rules where only IP Packets pass through which meet the following criterias:
1) the IP Source address is in a certain range can easily be done with ipchains ipchains -A input -s 1.2.3.0/24 -j ACCEPT ipchains -A input -j DENY 2) the last hop (the hop I got the packet from) has to have a certain IP or MAC-address AFAIK this is only possible with iptables. But kernel 2.4 is not recommended at the moment as firewall, because there are lots of bugs to be caught. Also solar designers patch (www.openwall.com/linux) will not be portet to 2.4 until 2.4.10 or so.
bye Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \