Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]
> On 01/09/2004 Mike Mestnik wrote:
> > There are several things you can do. I would make a new table called
> > local_rules or something and put each "-p tcp --?port" rule in there.
> > Then it's as easy as "-d ??.??.128.98 -j local_rules" and "-d ??.??.128.99
> > -j local_rules".
Selon Jonas Meurer <jonas@freesources.org>:
> wee, sounds very interesting, but how do I create this rule "local_rules"?
iptables -N local_rules
iptables -A local_rules ...
> > There is also "-m multiport "...
> > This module matches a set of source or destination ports. Up to 15
> > ports can be specified. It can only be used in conjunction with -p tcp or
> > -p udp.
> > --source-ports port[,port[,port...]]
> > --destination-ports port[,port[,port...]]
> > --ports port[,port[,port...]]
> also interesting, but I really don't know how to use it.
> the manpage tells me that it's a module, so I have to load it into the
> kernel, but afterwards?
Any module will be dynamically loaded as soon as you use "-m module".
iptables -A OUTPUT ... -m multiport --dports 210,215,220,225,230 ...
For your .98 & .99 problem, you may use something like this:
iptables -A OUTPUT -d ???.???.128.98/255.255.255.254 ...
or like this (exactly the same in this case):
iptables -A OUTPUT -d ???.???.128.98/31 ...
This only works for an even number and the next one (98 & 99),
but not for an odd number and the next one (99 & 100). This is
because of binary base logic (only the last bit changes).
There is also some good (translated) documentation here:
http://www.iptables.org/documentation/
--
Jean Christophe André.
Agence universitaire de la Francophonie - Bureau Asie Pacifique
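As an added example (not from the thread above), the following script puts the two ideas together: a custom chain holding one multiport rule, reached through a single /31 jump when the two destinations are an even/odd pair, and through two separate jumps otherwise. The addresses and ports are constructed, and IPT defaults to "echo iptables" so the script only prints the rules it would apply; set IPT=iptables to apply them for real.

```shell
#!/bin/sh
# Added example, not the original poster's code. IPT is assumed to be
# either "echo iptables" (dry run, the default) or "iptables".
IPT="${IPT:-echo iptables}"

# same_slash31 A B: succeed (exit 0) when A and B are the two addresses of
# one /31, i.e. same first three octets and last octets forming an even/odd
# pair. On success the network address is left in $slash31_net.
same_slash31() {
    a_last=${1##*.}; b_last=${2##*.}
    a_pre=${1%.*};   b_pre=${2%.*}
    [ "$a_pre" = "$b_pre" ] || return 1
    if [ "$a_last" -lt "$b_last" ]; then lo=$a_last; hi=$b_last
    else lo=$b_last; hi=$a_last; fi
    # a /31 only flips the last bit, so the lower address must be even
    # and the higher one must be exactly lo+1
    [ $((lo % 2)) -eq 0 ] && [ $((hi - lo)) -eq 1 ] || return 1
    slash31_net="$a_pre.$lo"
}

# build_rules A B PORTS: create the local_rules chain with one multiport
# match and jump to it from OUTPUT for the two destinations.
build_rules() {
    $IPT -N local_rules
    $IPT -A local_rules -p tcp -m multiport --dports "$3" -j ACCEPT
    if same_slash31 "$1" "$2"; then
        $IPT -A OUTPUT -d "$slash31_net/31" -j local_rules
    else
        $IPT -A OUTPUT -d "$1" -j local_rules
        $IPT -A OUTPUT -d "$2" -j local_rules
    fi
}

# constructed sample input: an even/odd pair (one jump) and an odd/even pair
# (two jumps), with the ports from the thread
build_rules 192.0.2.98 192.0.2.99 210,215,220,225,230
build_rules 192.0.2.99 192.0.2.100 210,215,220,225,230
```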