blocking all traffic except selected ports

Jason Opperisano opie at
Sun Apr 24 00:50:47 CEST 2005

On Sat, Apr 23, 2005 at 06:36:15PM -0400, Ed wrote:
> Actually (after having a pot of coffee) I just looked at `iptables -m
> multiport --help` on my box, and saw the following:
> multiport v1.3.1 options:
>  --source-ports [!] port[,port:port,port...]
>  --sports ...
>                                 match source port(s)
>  --destination-ports [!] port[,port:port,port...]
>  --dports ...
>                                 match destination port(s)
>  --ports [!] port[,port:port,port]
>                                 match both source and destination port(s)
> It seems multiport has been updated to use port ranges after all.
> (Note to self: don't reply to messages right after waking up either.
> UGH! I thought there was a reason that I switched from mport to
> multiport on my router...)
> # uname -r && iptables --version
> iptables v1.3.1

this brings out an interesting point--as i was speaking from an iptables
1.2.11 perspective (i have not updated a single box to 1.3.x)...we're
probably going to have to start specifying iptables version on almost
every post to keep from confusing the hell outta people.


