I'm updating a RH ipchains packet filter script from the dim past to
iptables on Debian stable.
I noticed that when I specified the network the host is on (by IP/mask),
the iptables listing called it "localnet." So I tried using localnet in
the rule, and iptables seems to take it, and the chain seems to work.
But I can't find any documentation about that keyword in man, in Rusty's
HTML dox, or with google (lots of talk about it, but no dox).
Is localnet a legit iptables network specification or an undocumented
feature? What does it actually do (should I hang a CIDR mask on the end,
or would that be redundant)? If the host responds to several IPs, does
localnet cover then all? Or just eth0? How about eth0:1?
It would be very handy because this script is to set filtering on all my
DMZ and LAN hosts (by switching on their hostnames and IPs). I know I
could just try it and see if it works, but this is to be the packet
filter on the DMZ, and I'd like to do it as rigorously as I can.
TIA...