Maximum number of ports?
rob0 at gmx.co.uk
Thu Aug 11 18:54:07 CEST 2005
On Wednesday 2005-August-10 15:13, Peggy Kam wrote:
> What is the maximum number of ports that I can define in the
> iptables? What is the limitation?
Are you asking about the multiport match extension? If so, please find
the following in "man iptables" and post again if you do not understand:
This module matches a set of source or destination ports.
Up to 15 ports can be specified. It can only be used in
conjunction with -p tcp or -p udp.
That particular limitation only applies to a single multiport command.
You can have as many of those as you need. Perhaps you're asking about
the maximum number of rules you can have? I don't know what that limit
might be (if I were curious I would Google), but I bet it's higher than
the 64K TCP ports plus the 64K UDP ports.
If you're writing a firewall with that many rules, it is probable that
you could have done it better and more efficiently using a different
approach. For instance, default policies of DROP and only ACCEPT the
port/protocol combinations you need, plus the standard "-m state
--state RELATED,ESTABLISHED -j ACCEPT" rules.
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
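As an added example (not part of the original post and not the netfilter project's own code), the following POSIX shell script generates the kind of ruleset the reply recommends: default DROP policies, the RELATED,ESTABLISHED rule, and one ACCEPT per port group, with any list longer than 15 ports split across several multiport rules so the per-rule limit quoted above is never hit. It only prints rules in iptables-restore format; it does not touch the kernel, and the port lists are constructed sample input. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset whose port rules respect
# the multiport limit of 15 ports per rule (as quoted from "man iptables").
# Nothing here calls iptables; the output is meant to be reviewed and then
# loaded with iptables-restore.

MULTIPORT_MAX=15   # per-rule limit of the multiport match

# emit_multiport_rules PROTO PORT...
# Prints one "-A INPUT -p PROTO -m multiport --dports a,b,... -j ACCEPT" line
# per group of at most $MULTIPORT_MAX ports.
emit_multiport_rules() {
    proto=$1; shift
    group=""; count=0
    for port in "$@"; do
        if [ -n "$group" ]; then group="$group,$port"; else group="$port"; fi
        count=$((count + 1))
        if [ "$count" -eq "$MULTIPORT_MAX" ]; then
            printf '%s\n' "-A INPUT -p $proto -m multiport --dports $group -j ACCEPT"
            group=""; count=0
        fi
    done
    # Flush the last, possibly short, group.
    if [ -n "$group" ]; then
        printf '%s\n' "-A INPUT -p $proto -m multiport --dports $group -j ACCEPT"
    fi
    return 0
}

# emit_ruleset "TCP_PORTS" "UDP_PORTS"
# Prints a complete *filter table: DROP by default on INPUT and FORWARD,
# loopback and RELATED,ESTABLISHED accepted first, then the port rules.
# The port lists are space-separated strings; word splitting is intended.
emit_ruleset() {
    tcp_ports=$1; udp_ports=$2
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    [ -n "$tcp_ports" ] && emit_multiport_rules tcp $tcp_ports
    [ -n "$udp_ports" ] && emit_multiport_rules udp $udp_ports
    echo 'COMMIT'
}

# count_rules PROTO "PORTS": number of multiport rules a port list needs.
count_rules() {
    emit_multiport_rules "$1" $2 | wc -l | tr -d ' '
}

# Constructed sample input: 17 TCP ports (forces a 15 + 2 split), 2 UDP ports.
SAMPLE_TCP="22 25 53 80 110 143 443 465 587 993 995 3306 5432 8080 8443 9000 9090"
SAMPLE_UDP="53 123"

# Usage: sh rules.sh > rules.v4 ; review ; iptables-restore < rules.v4
emit_ruleset "$SAMPLE_TCP" "$SAMPLE_UDP"
```

Because the generated file starts with a DROP policy on INPUT, load it from a console session or with a scheduled rollback when working on a remote box; the RELATED,ESTABLISHED rule keeps an existing SSH session alive only once the rules are in place.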