Maximum number of ports?

/dev/rob0 rob0 at gmx.co.uk
Thu Aug 11 18:54:07 CEST 2005


On Wednesday 2005-August-10 15:13, Peggy Kam wrote:
> What is the maximum number of ports that I can define in the
> iptables? What is the limitation?

Are you asking about the multiport match extension? If so please find 
the following in "man iptables" and post again if you do not understand 
it:

   multiport
       This  module matches a set of source or destination ports.
       Up to 15 ports can be specified.  It can only be used  in
       conjunction with -p tcp or -p udp

That particular limitation only applies to a single multiport command. 
You can have as many of those as you need. Perhaps you're asking about 
the maximum number of rules you can have? I don't know what that limit 
might be (if I were curious I would Google), but I bet it's higher than 
the 64K TCP ports plus the 64K UDP ports.

If you're writing a firewall with that many rules, it is probable that 
you could have done it better and more efficiently using a different 
approach. For instance, default policies of DROP and only ACCEPT the 
port/protocol combinations you need, plus the standard "-m state 
--state RELATED,ESTABLISHED -j ACCEPT" rules.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
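The approach the reply recommends, as an added example that is not part of the original post: a default-DROP policy, the standard RELATED,ESTABLISHED rule, and a helper that splits a long list of ports into several multiport rules so no single rule exceeds the 15-port limit quoted from "man iptables". The script prints the iptables commands rather than executing them (pipe it to sh on the firewall host to apply); the port lists are constructed sample input, and MAX_PER_RULE, emit_multiport_rules, emit_policy and count_rules are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Generates iptables commands
# for a default-DROP INPUT policy plus multiport ACCEPT rules, splitting
# the port list so each multiport rule carries at most 15 ports (the
# per-rule limit in the multiport match). Commands are printed, not run.

MAX_PER_RULE=15   # multiport limit quoted from "man iptables"

# emit_multiport_rules PROTO PORT...
# Prints one "iptables ... -m multiport --dports ..." line per chunk of
# at most $MAX_PER_RULE ports. POSIX sh: no arrays, no "local".
emit_multiport_rules() {
    proto=$1; shift
    chunk=""; n=0
    for port in "$@"; do
        chunk="${chunk:+$chunk,}$port"
        n=$((n + 1))
        if [ "$n" -eq "$MAX_PER_RULE" ]; then
            printf 'iptables -A INPUT -p %s -m multiport --dports %s -j ACCEPT\n' \
                "$proto" "$chunk"
            chunk=""; n=0
        fi
    done
    # flush the remainder (fewer than MAX_PER_RULE ports)
    if [ -n "$chunk" ]; then
        printf 'iptables -A INPUT -p %s -m multiport --dports %s -j ACCEPT\n' \
            "$proto" "$chunk"
    fi
}

# emit_policy: the framework the reply suggests, default policies of DROP
# and the RELATED,ESTABLISHED rule, so only explicitly listed ports open.
emit_policy() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# count_rules PROTO PORT... : how many multiport rules the list needs
count_rules() {
    emit_multiport_rules "$@" | wc -l | tr -d ' '
}

# Constructed sample input: 20 TCP ports, which needs two rules (15 + 5).
TCP_PORTS="22 25 53 80 110 143 443 465 587 993 995 3306 5432 8080 8443 9000 9001 9002 9003 9004"

main() {
    emit_policy
    # $TCP_PORTS is deliberately unquoted so the shell splits it into words
    emit_multiport_rules tcp $TCP_PORTS
    emit_multiport_rules udp 53 123
}

main
```

On current kernels the state match is provided by the conntrack module, so `-m conntrack --ctstate RELATED,ESTABLISHED` is the usual spelling today; the `-m state` form from the reply still works where the compatibility alias is present. Note also that a port range such as `1024:1030` counts as two of the 15 slots in multiport, so a list built from ranges needs a smaller chunk size than this helper uses.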
