I would like to open up a few ports, but only when they come in on a particular adaptor/subnet. How do I go about this?

My iptables is/are auto configured by system-config-securitylevel so I have not edited iptables file directly, but I have tried things like "iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT" and "iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT" but nothing happens.

    [root@myserver ~]# ifconfig
    ...
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:965 errors:0 dropped:0 overruns:0 frame:0
              TX packets:987 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:90379 (88.2 KiB)  TX bytes:179210 (175.0 KiB)

    [root@myserver ~]# iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT
    Bad argument `tun0'

However

    [root@myserver ~]# iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT

works in the sense that it does not give an error, but it also does not seem to do anything.

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    ...
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    ...
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Any help you could provide would be greatly appreciated
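
Why the second command appears to do nothing, as an added example that is not part of the original post: `-A` appends the rule after the chain's final REJECT, and iptables acts on the first rule that matches, so the new ACCEPT is never reached. The script works on iptables-save text so it runs offline; the sample ruleset is a constructed subset of the one quoted above, and TCP port 8080 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Constructed subset of the ruleset quoted in the question.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Port 8080 is an assumed placeholder for "a few ports".
NEW_RULE='-A RH-Firewall-1-INPUT -i tun0 -s 10.8.0.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT'

# What `iptables -A` does: the rule goes to the end of the chain.
append_rule() {
    awk -v rule="$1" '$0 == "COMMIT" { print rule } { print }'
}

# Place RULE just before the first REJECT rule of CHAIN; fail if there is none.
insert_before_reject() {
    awk -v chain="$1" -v rule="$2" '
        !done && $1 == "-A" && $2 == chain && /-j REJECT/ { print rule; done = 1 }
        { print }
        END { if (!done) exit 1 }'
}

# Print the 1-based position inside CHAIN of the first rule containing TEXT.
rule_index() {
    awk -v chain="$1" -v text="$2" '
        $1 == "-A" && $2 == chain { n++; if (index($0, text)) { print n; exit } }'
}

C=RH-Firewall-1-INPUT
echo "appended: tun0 rule is #$(sample_rules | append_rule "$NEW_RULE" | rule_index "$C" tun0), REJECT is #4"
echo "inserted: tun0 rule is #$(sample_rules | insert_before_reject "$C" "$NEW_RULE" | rule_index "$C" tun0), REJECT is #5"

# Live equivalent (needs root): find the REJECT rule's number, insert ahead of it.
#   n=$(iptables -L RH-Firewall-1-INPUT -n --line-numbers | awk '$2 == "REJECT" { print $1; exit }')
#   iptables -I RH-Firewall-1-INPUT "$n" -i tun0 -s 10.8.0.0/24 -p tcp --dport 8080 -j ACCEPT
```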