On Tue, May 04, 2004 at 10:12:03AM +0200, Sttf wrote:
> # Allow packets from TUN/TAP devices.
> iptables -A INPUT -i tun+ -j ACCEPT
> iptables -A FORWARD -i tun+ -j ACCEPT
> iptables -A INPUT -i tap+ -j ACCEPT
> iptables -A FORWARD -i tap+ -j ACCEPT
>
> # Allow packets from private subnets
> iptables -A INPUT -i br0 -j ACCEPT
> iptables -A FORWARD -i br0 -j ACCEPT
>
> Why this differentiation? When you add a bridge interface, aren't
> you in fact creating a global-unique interface for all the bridged
> ones? If there doesn't remain any IP assigned to any interface, why
> these separate rules? Can you define specific rules for your specific
> bridged interfaces??

You can define specific rules for the tap devices by referring to them
explicitly with -i. tap+ is shorthand for all interfaces starting with
tap. It's actually not available in early versions of iptables, where you
would have to do them all separately, or with a bash for loop or similar.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
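The loop-based expansion the reply mentions, written out as an added example that is not part of the original message: it prints one explicit `-i` rule pair per interface whose name begins with a prefix, which is what `tap+` matches. The names `rules_for_prefix`, `list_ifaces` and `SAMPLE_IFACES` are hypothetical, and the interface list is constructed.

```shell
#!/bin/sh
# Added example: expand an iptables "PREFIX+" interface wildcard by hand.
# Rules are only printed (dry run), so each one can be reviewed or edited
# per interface before anything is loaded.

# rules_for_prefix PREFIX IFACE...
# Prints an INPUT and a FORWARD ACCEPT rule for every IFACE whose name
# begins with PREFIX, i.e. the set of interfaces "PREFIX+" would match.
rules_for_prefix() {
    prefix=$1
    shift
    for ifname in "$@"; do
        case $ifname in
            "$prefix"*)
                printf 'iptables -A INPUT -i %s -j ACCEPT\n' "$ifname"
                printf 'iptables -A FORWARD -i %s -j ACCEPT\n' "$ifname"
                ;;
        esac
    done
}

# list_ifaces: names of the interfaces present on this host (Linux sysfs).
list_ifaces() {
    for path in /sys/class/net/*; do
        if [ -e "$path" ]; then
            printf '%s\n' "${path##*/}"
        fi
    done
}

# Constructed interface list for the dry run. "tapestry" is included to show
# that the match is a plain name prefix: "tap+" covers it as well, so any
# interface that can be given a tap* name falls under the wildcard rule.
SAMPLE_IFACES="lo eth0 br0 tap0 tap1 tun0 tapestry"

# Word splitting of SAMPLE_IFACES is intentional here.
# shellcheck disable=SC2086
rules_for_prefix tap $SAMPLE_IFACES

# On a real host, replace the sample list with the live one:
#   rules_for_prefix tap $(list_ifaces)
```

Unlike `tap+`, the printed rules cover only interfaces that exist when the loop runs, so a tap device created later is not accepted until the rules are regenerated.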