Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
RE: [suse-security] IP alias and SuSE firewall
  • From: Peer Stefan <stefan.peer@xxxxxxxx>
  • Date: Wed, 5 Jun 2002 12:53:23 +0200
  • Message-id: <3559BA35534FD511A1200002557C39B019D339@xxxxxxxxxxxxxxxxxxxxx>
hi
> Aliases in IPTABLES and IPCHAINS do not know aliases. There's no
> ippp0:0, only ippp0. You can only distiguish by ip:
> -i ippp0 -s 10.0.0.0/8
> and
> -i ippp0 -s 172.16.0.0/12
> or something like that.
>
> Got no clue about SuSE firewall though, but there's no way around the
> alias limitiation.
FW_DEV_EXT="eth0 eth0:0 eth0:0:1" works (SuSEfirewall2), but SuSEfirewall2
uses IP-addresses, not interfaces - therefore it's a bit tricky with
dhcp-addresses ;-)

another funny thing is the wildcard character '+':
* "iptables -A INPUT -j ACCEPT -i 'eth0:0' -d 10.100.4.216" does not work.
* "iptables -A INPUT -j ACCEPT -i 'eth0+' -d 10.100.4.216" works for
eth0:0 but not for eth0 (if you have just one virtual interface)

regards,
stefan

< Previous Next >
This Thread
Follow Ups