hello,

I have a question regarding iptables rules!

In cisco environment u can create an acl, but if u don't apply it on an interface and direction it doesn't filter anything; so u should apply it on an interface and also on a direction (in/out)

In linux environment u create a rule with iptables command for a tables and chain; ex. filter table , INPUT chain ... but when u have multiple network interfaces how can u specify the direction? INPUT is for WAN or LAN interface ?
If I set the policy for INPUT/filter to DROP, the kernel will drop the packets originating from WAN and for LAN also, how can I specify the direction? I want to set policy to DROP for INPUT/filter for WAn interface and let everybody from my LAN to do everything...

thanks!

INPUT is packets destined for the local system via a given interface, that interface is given with the -i option, e.g. "-i eth1" or "-i ppp0". There can be no concept of a "WAN" or "LAN" interface in the kernel, that's down to you and your diagrams and conventions.