IPTables - Blocking ports on eth0:x Network Interfaces

Question

I'm wondering, is it possible to block certain ports on different interfaces such as eth0:0 eth0:1...

For instance, if I want to block on eth0:0 ports 22 and 25 and leave those open on eth0:1 I'm open to any suggestions!

Thanks guys!

score 2 · Answer 1 · answered Jul 03 '11 at 03:19

2

This is acheived by using the -i option when adding rules to the INPUT chain.

Here's an example for what you requested (assuming you default drop on your INPUT chain):

iptables -I INPUT 1 -p tcp -i eth0:1 --dport 22 -j ACCEPT
iptables -I INPUT 1 -p tcp -i eth0:1 --dport 25 -j ACCEPT

answered Jul 03 '11 at 03:19

Kyle Smith

I thought `eth0:0` will be treated just like `eth0:1`...if both are `eth0`. I'm wondering, does iptables support aliases? Note that `eth0` `eth0:0` and `eth0:1` have different IPs assigned. – Kayla Jul 04 '11 at 19:22
1

From a brief google, it looks like subinterfaces aren't supported by iptables. I'm awfully surprised by this and I wonder if it's been updated. I don't have a test system handy to give it a shot. At any rate, you could use -d instead to filter by "destination IP address". – Kyle Smith Jul 04 '11 at 20:51

1 Answers1