Maximum number of ports?

/dev/rob0 rob0 at
Thu Aug 11 18:54:07 CEST 2005

On Wednesday 2005-August-10 15:13, Peggy Kam wrote:
> What is the maximum number of ports that I can define in the
> iptables? What is the limitation?

Are you asking about the multiport match extension? If so please find 
the following in "man iptables" and post again if you do not understand 

       This  module matches a set of source or destination ports.
       Up to 15 ports can be specified.  It can only be used  in
       conjunction with -p tcp or -p udp

That particular limitation only applies to a single multiport command. 
You can have as many of those as you need. Perhaps you're asking about 
the maximum number of rules you can have? I don't know what that limit 
might be (if I was curious I would Google), but I bet it's higher than 
the 64K TCP ports plus the 64K UDP ports.

If you're writing a firewall with that many rules, it is probable that 
you could have done it better and more efficiently using a different 
approach. For instance, default policies of DROP and only ACCEPT the 
port/protocol combinations you need, plus the standard "-m state 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header

More information about the netfilter mailing list