iptables rules
Peggy Kam
ppkam at n-dsi.com
Thu Sep 15 17:37:09 CEST 2005
Did the manpage get changed recently? The iptables manpage that I see
states that:

    --port [port[,port]]
        Match if the both the source and destination ports are equal to
        each other and to one of the given ports.

On Thu, 2005-09-15 at 17:26 +0200, Jörg Harmuth wrote:
> Peggy Kam wrote:
> > Hi,
> >
> > I have defined the following firewall rule in iptables:
> >
> > iptables -I FORWARD -s 192.168.22.102 -d 192.168.1.112 -p tcp -m tcp -m
> > multiport --ports 22,23,24,25 -j ACCEPT
> >
> > Why were the packets able to get to 192.168.1.112 on port 22 when the
> > packets do not even come from ports 22, 23, 24 or 25?
>
> man iptables:
>
> --ports [!] port[,port[,port:port...]]
>        Match if either the source or destination ports are equal
>        to one of the given ports.
>
> So, this is expected behaviour, provided that there are no other rules
> in the way.
>
> HTH,
>
> Joerg
>
>
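
Added example, not part of the original thread and not netfilter code: a small Python model of the two manpage wordings quoted above, plus multiport's destination-only `--dports` option, evaluated over constructed packets. The function names, mode labels and sample port pairs are assumptions made for illustration.

```python
# Model of the multiport wordings quoted in this thread (illustration only,
# not netfilter code). Mode names and sample packets are constructed.

def parse_ports(spec):
    """Parse '[!] port[,port[,port:port...]]' into (invert, [(lo, hi), ...])."""
    spec = spec.strip()
    invert = spec.startswith("!")
    if invert:
        spec = spec[1:].strip()
    ranges = []
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        ranges.append((lo, hi))
    return invert, ranges

def multiport_match(mode, spec, sport, dport):
    """Return True if a packet with these ports matches under the given wording."""
    invert, ranges = parse_ports(spec)
    listed = lambda port: any(lo <= port <= hi for lo, hi in ranges)
    if mode == "either":          # "either the source or destination ports"
        hit = listed(sport) or listed(dport)
    elif mode == "both_equal":    # "both ... equal to each other and to one of the given ports"
        hit = sport == dport and listed(sport)
    elif mode == "dports":        # destination port only (multiport --dports)
        hit = listed(dport)
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    return hit != invert

# Constructed (source port, destination port) pairs for 192.168.22.102 -> 192.168.1.112.
SAMPLE_PACKETS = [(40312, 22), (22, 22), (25, 51000), (40312, 80)]

def evaluate(spec="22,23,24,25"):
    """Map each mode to the list of sample packets it would accept."""
    return {mode: [p for p in SAMPLE_PACKETS if multiport_match(mode, spec, *p)]
            for mode in ("either", "both_equal", "dports")}

if __name__ == "__main__":
    for mode, accepted in evaluate().items():
        print(f"{mode:10} accepts {accepted}")
```

The first sample packet, an ephemeral source port going to destination port 22, is the case asked about: it is accepted under the "either" wording and by a destination-only match, but not under the "both equal" wording. Under "either", a packet whose source port is 25 is also accepted regardless of its destination port.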