multiports
Jan Engelhardt
jengelh at linux01.gwdg.de
Fri Aug 5 08:34:07 CEST 2005
>Is it possible to match multiple source and destination ports at the
>same time? It seems to me that it is not possible. I am using iptables
>version 1.2.11 and I have tried the following command:
>
>iptables -A INPUT -p tcp --src 192.168.1.0/255.255.255.0 -m tcp -m
>multiport --sports 22,80 --dst 192.168.22.123 -m multiport --dports
>22,80 -j ACCEPT
Everything is ANDed, so the following combinations are only possible with your
rule:
22/22
22/80
80/22
80/80
Probably not what you want, given that most HTTP clients connect from some
high-random port.
You need to separate rules,
-m multiport --dports 22,80
-m multiport --sports 22,80
to get an OR behavior.
Jan Engelhardt
--
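
An added example, not part of the original post: a small Python model of the matching semantics described in the reply (matches inside one rule are ANDed, separate rules in a chain are ORed), run against the rule from the question and the split rules. The client address 192.168.1.10 and the probe ports 51234 and 3306 are constructed values, and keeping the question's --src/--dst on both split rules is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Sequence, Tuple

Packet = Tuple[str, int, str, int]  # (src, sport, dst, dport), TCP assumed

@dataclass(frozen=True)
class Rule:
    """Simplified model of one rule: every match that is set must hold (AND)."""
    src: Optional[str] = None
    dst: Optional[str] = None
    sports: Optional[FrozenSet[int]] = None
    dports: Optional[FrozenSet[int]] = None

    def matches(self, pkt: Packet) -> bool:
        src, sport, dst, dport = pkt
        return ((self.src is None or ip_address(src) in ip_network(self.src))
                and (self.dst is None or ip_address(dst) in ip_network(self.dst))
                and (self.sports is None or sport in self.sports)
                and (self.dports is None or dport in self.dports))

def accepted(chain: Sequence[Rule], pkt: Packet) -> bool:
    """Rules are tried in order; a packet is accepted if any rule matches (OR)."""
    return any(rule.matches(pkt) for rule in chain)

NET, HOST = "192.168.1.0/255.255.255.0", "192.168.22.123"
PORTS = frozenset({22, 80})

# The single rule from the question: --sports 22,80 AND --dports 22,80.
single = [Rule(NET, HOST, sports=PORTS, dports=PORTS)]
# The two rules from the reply: one with --dports, one with --sports.
# Assumption: both keep the question's --src and --dst.
split = [Rule(NET, HOST, dports=PORTS), Rule(NET, HOST, sports=PORTS)]

def port_pairs(chain: Sequence[Rule], sports, dports) -> List[Tuple[int, int]]:
    """(sport, dport) pairs accepted for the constructed client 192.168.1.10."""
    return sorted((s, d) for s in sports for d in dports
                  if accepted(chain, ("192.168.1.10", s, HOST, d)))

if __name__ == "__main__":
    probe_sports = [22, 80, 51234]  # 51234: constructed ephemeral client port
    probe_dports = [22, 80, 3306]   # 3306: constructed port outside the list
    print("single:", port_pairs(single, probe_sports, probe_dports))
    print("split: ", port_pairs(split, probe_sports, probe_dports))
```

In this model the split rule set accepts the ephemeral-port client on 22 and 80, and its --sports rule also matches any destination port whenever the source port is 22 or 80.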