iptables rule command help

Jörg Harmuth harmuth at mnemon.de
Tue Aug 30 16:26:17 CEST 2005


CC commmunication wrote:
> Thank you very much for your help.
> I have read a lot about iptables, but I cannot find
> any information about how many matches can be done in
> one statement.
> e.g.
> Can I match source subnet, destination subnet, source
> port range and destination port range with the --syn
> flag set, etc.?

Yes.

> If anyone can explain how options can be matched in
> one iptables statement.

Simply write one after the other as in my previous example. Combine as
you need it.

> I know it could be done by using user defined target,
> and then do further processing with that target.

You can do it in any chain (also user defined ones), but depending on
the chain in question it's more or less useful. And also depending on
the target some matches are more or less useful. E.g. with
layer7-patch, matching against ports is totally useless ;)

Have a nice time,

Joerg
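
The combination asked about in this thread (source subnet, destination subnet, source and destination port ranges, SYN flag) written as one rule, in which all matches are ANDed. This is an added example, not part of the original post; the chain, subnets, port ranges and the helper names `syn_rule` and `valid_ports` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Dry-run by default: the command is only printed.
# Set IPT=iptables (as root) to actually append the rule.
IPT="${IPT:-echo iptables}"

# valid_ports PORT or LO:HI -> status 0 if both ends are 0..65535 and LO <= HI
valid_ports() {
    case "$1" in *:*:*) return 1 ;; esac
    lo=${1%%:*}; hi=${1##*:}
    case "$lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] || return 1
    [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# syn_rule CHAIN SRC_NET DST_NET SPORTS DPORTS TARGET
# Every match is written one after the other; a packet must satisfy all
# of them before the target applies.
syn_rule() {
    valid_ports "$4" && valid_ports "$5" || {
        echo "bad port range: $4 / $5" >&2
        return 2
    }
    # -p tcp comes first: --sport, --dport and --syn belong to the tcp match.
    $IPT -A "$1" -p tcp -s "$2" -d "$3" \
         --sport "$4" --dport "$5" --syn -j "$6"
}

# Constructed sample values: new TCP connections from one subnet to another.
syn_rule FORWARD 192.168.1.0/24 10.0.0.0/24 1024:65535 20:25 ACCEPT
```
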



More information about the netfilter mailing list