Symptom

When adding a new iptables rule the following error can appear:

Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).

Where eth0 is your interface and 1 is the alias or virtual interface.

Cause

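Aliases / virtual interfaces are not allowed in iptables. An alias such as eth0:1 is only a label on an additional address of eth0, not a separate device, so the -i and -o options accept only the real interface name. Aliases have officially been deprecated in favour of using the ip command, but they are still widely used.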

Resolution

Depending on the type of rule, the -s (source) or -d (destination) parameter can be used in place of the alias name to limit the rule to the IP address assigned to that alias.

#Only allow interfaces with IPs 1.1.1.1 and 2.2.2.2 to accept pings
-A icmp_packets -d 1.1.1.1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -d 2.2.2.2 -p icmp -m icmp --icmp-type 8 -j ACCEPT
#Deny pings on interface with ip 3.3.3.3
-A icmp_packets -d 3.3.3.3 -p icmp -m icmp --icmp-type 8 -j DROP

#Block port 80 on interface with ip 1.1.1.1
-A INPUT -d 1.1.1.1 -p tcp -m tcp --dport 80 -j DROP

#Unless you have a specific binding order there is normally no need to limit
#which interfaces can make outgoing connections.
#The ACCEPT rules below only restrict traffic if the OUTPUT chain otherwise drops it.

#Only allow interface with ip 2.2.2.2 to perform DNS queries
-A OUTPUT -s 2.2.2.2 -p udp -m udp --dport 53 -j ACCEPT

#Only allow interface with ip 3.3.3.3 to perform AXFRs
-A OUTPUT -s 3.3.3.3 -p tcp -m tcp --dport 53 -j ACCEPT
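
The substitution described above can be scripted. The following is an added example, not part of the original page: it looks up the address that carries an alias label and rewrites "-i LABEL" to "-d ADDR" and "-o LABEL" to "-s ADDR". The function names, the sample listing and the 192.0.2.x addresses are assumptions made for the illustration.

```sh
# Constructed sample of `ip -o -4 addr show` output (documentation addresses).
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:1\       valid_lft forever preferred_lft forever
EOF
}

# stdin: `ip -o -4 addr show` output; $1: label. Prints the first matching
# address without its prefix length, or nothing if the label is unknown.
label_to_addr() {
    awk -v want="$1" '{
        addr = ""; label = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "inet") addr = $(i + 1)
            # With -o the label is the field that ends in a backslash.
            if ($i ~ /\\$/) { label = $i; sub(/\\$/, "", label); break }
        }
        if (label == want) { sub(/\/.*/, "", addr); print addr; exit }
    }'
}

# $1: rule text, $2: address listing. Plain interface names are left as-is.
# Runs in a subshell so that set -f and the variables stay local.
rewrite_rule() (
    set -f
    out="" flag=""
    for tok in $1; do
        if [ -z "$flag" ]; then
            case $tok in
                -i|-o) flag=$tok ;;          # remember the flag, inspect next token
                *)     out="$out $tok" ;;
            esac
            continue
        fi
        case $tok in
            *:*) addr=$(printf '%s\n' "$2" | label_to_addr "$tok")
                 [ -n "$addr" ] || { echo "no address for $tok" >&2; exit 1; }
                 [ "$flag" = -i ] && out="$out -d $addr" || out="$out -s $addr" ;;
            *)   out="$out $flag $tok" ;;
        esac
        flag=""
    done
    printf '%s\n' "${out# }"
)

rewrite_rule '-A INPUT -i eth0:1 -p tcp -m tcp --dport 80 -j DROP' "$(sample_addrs)"
```

On a live system the second argument would be "$(ip -o -4 addr show)" instead of the constructed sample.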

See Also

Iptables
