On 11/03/11 5:43 PM, Fajar Priyanto wrote:
> Now, I'm adding some virtual interface eth1:0, eth1:1... so on to
> accommodate new subnets created in the LAN.

what's the point of having multiple subnets on the same physical LAN segment?

if you want to isolate separate local networks, you really should use separate physical adapters with separate switches... or VLAN switching if you have a switch that supports VLAN trunking.

anyways, whatever, yes, you can do it with iptables, but not all off-the-shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets.

--
john r pierce N 37, W 122
santa cruz ca mid-left coast