Problems with limit matching and some other stuff
Crazydj
Crazydj@web.de
Thu, 26 Jul 2001 21:33:40 +0200
Hi @ll network berserker and linux lovers out there!!! =)
I am a firewall newbie and therefore a newbie in configuring iptables.
AND I have some problems here tonight.
1. How can I describe a list of ports? I have read the iptables man-page
and the official iptables HOWTO written by Rusty, but I still don't know
how to do it!
I have tried the following:
iptables -I INPUT 1 -p tcp --destination-port 21,22,23 OR
iptables -I INPUT 1 -p tcp --destination-port 21:22:23 OR
iptables -I INPUT 1 -p tcp --destination-port (21,22,23) OR
iptables -I INPUT 1 -p tcp --destination-port 21 22 23
...but nothing works! Can anyone explain the syntax, please??
2. I have compiled a new kernel with limit matching enabled and tried to
prevent me from being SYN flooded like described in Rusty's HOWTO:
iptables -A FORWARD -i eth0 -p tcp --syn -m limit --limit 1/s -j ACCEPT
...but the limit matching seems to do nothing!
Another test was:
iptables -I INPUT 1 -i eth0 -p tcp --destination-port 22 -m limit --limit 1/h -j ACCEPT
But I still can connect to this host via SSH as often as I like to do
so...
3. I also tried to drop XMAS and NULL packets used by nmap scans with
iptables -I INPUT 1 -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -I INPUT 1 -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
But I can still scan the ports of the hosts behind the firewall.
Any quick ideas to solve my problems here?
FORWARDING a BIG thanx!!
...and best greets =)
Bastian Ballmann
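As an added illustration (not part of this mailing-list thread, and not iptables code), the Python model below walks rules the way netfilter walks a chain, for the three questions in the post: a port list expressed with the multiport match (`-m multiport --destination-ports 21,22,23`), a `-m limit` rule that only matches the first `--limit-burst` packets and so lets everything else fall through to the chain policy unless a DROP rule follows it, and the Xmas/Null `--tcp-flags` rules placed in INPUT versus FORWARD (packets routed through the box never see INPUT). The `Limit` class is a token-bucket approximation of the kernel's limit match; the IP addresses, probe packets and timings are constructed.

```python
"""Model of how netfilter walks an iptables chain: every match on a rule
must succeed for its target to fire; otherwise the packet falls through
to the next rule and, at the end, to the chain policy. The Limit class
is a token-bucket approximation of '-m limit' (added illustration, not
iptables source). Packets, addresses and timings below are constructed."""
from dataclasses import dataclass, field
from typing import Optional

TCP_FLAGS = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})   # --tcp-flags ALL
FIREWALL_IP = "192.0.2.1"      # constructed: the firewall's own address


@dataclass
class Limit:
    """Bucket starts with `burst` tokens (iptables default --limit-burst 5) and
    refills at `rate` tokens/second; a packet matches only when a token is left."""
    rate: float                  # e.g. 1/3600 for --limit 1/h
    burst: int = 5
    tokens: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self):
        self.tokens, self.last = float(self.burst), 0.0

    def match(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class Rule:
    target: str                              # ACCEPT or DROP
    dports: Optional[frozenset] = None       # -m multiport --destination-ports
    flag_mask: Optional[frozenset] = None    # --tcp-flags MASK COMP
    flag_comp: Optional[frozenset] = None
    limit: Optional[Limit] = None            # -m limit

    def matches(self, pkt: dict) -> bool:
        if self.dports is not None and pkt["dport"] not in self.dports:
            return False
        if self.flag_mask is not None and (pkt["flags"] & self.flag_mask) != self.flag_comp:
            return False
        # limit is consulted last: only packets passing the other matches use a token
        return self.limit is None or self.limit.match(pkt["t"])


def run_firewall(chains: dict, packets, policy="ACCEPT"):
    """Packets addressed to the firewall traverse INPUT; packets routed through
    it traverse FORWARD. Returns one verdict per packet."""
    verdicts = []
    for pkt in packets:
        chain = "INPUT" if pkt["dst"] == FIREWALL_IP else "FORWARD"
        for rule in chains.get(chain, []):
            if rule.matches(pkt):
                verdicts.append(rule.target)
                break
        else:
            verdicts.append(policy)   # no rule matched: chain policy decides
    return verdicts


def pkt(t, dport, flags=("SYN",), dst=FIREWALL_IP):
    return {"t": float(t), "dport": dport, "flags": frozenset(flags), "dst": dst}


def ssh_limit(with_drop: bool, n=10):
    """'--dport 22 -m limit --limit 1/h -j ACCEPT', optionally followed by a
    '--dport 22 -j DROP' rule; n SSH SYNs arrive one second apart."""
    rules = [Rule("ACCEPT", dports=frozenset({22}), limit=Limit(rate=1 / 3600))]
    if with_drop:
        rules.append(Rule("DROP", dports=frozenset({22})))
    return run_firewall({"INPUT": rules}, [pkt(i, 22) for i in range(n)])


def multiport():
    """'-m multiport --destination-ports 21,22,23 -j ACCEPT' then a catch-all DROP."""
    rules = [Rule("ACCEPT", dports=frozenset({21, 22, 23})), Rule("DROP")]
    return run_firewall({"INPUT": rules}, [pkt(0, p) for p in (21, 22, 23, 80)])


def scan_probes(in_forward: bool):
    """Xmas ('--tcp-flags ALL ALL') and Null ('--tcp-flags ALL NONE') DROP rules
    in INPUT, and optionally also in FORWARD; probes go to the firewall itself
    and to a host behind it."""
    rules = [Rule("DROP", flag_mask=TCP_FLAGS, flag_comp=TCP_FLAGS),
             Rule("DROP", flag_mask=TCP_FLAGS, flag_comp=frozenset())]
    chains = {"INPUT": rules, "FORWARD": rules if in_forward else []}
    behind = "192.0.2.10"   # constructed: a host behind the firewall
    probes = [pkt(0, 22, TCP_FLAGS), pkt(0, 22, ()),                  # to the firewall
              pkt(0, 22, TCP_FLAGS, behind), pkt(0, 22, (), behind),  # forwarded
              pkt(0, 22, ("SYN",), behind)]                           # normal SYN
    return run_firewall(chains, probes)


if __name__ == "__main__":
    print(ssh_limit(False))   # all ACCEPT: unmatched packets fall to the policy
    print(ssh_limit(True))    # 5 ACCEPT (the burst), then DROP
    print(multiport())
    print(scan_probes(False), scan_probes(True))
```

The point the model makes visible: `-m limit` is a match, not a target, so a limit rule with `-j ACCEPT` and a default policy of ACCEPT changes nothing; the refusal has to come from the rule after it. Likewise, scan probes aimed at hosts behind the box only ever traverse FORWARD, so INPUT rules do not see them.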