Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]
On 09/09/2004 Jonas Meurer wrote:
> now i understand ;) i assume that using more than one -m options is ok
> at all, and now have in firehol.conf:
>
> iptables -A INPUT -i eth0 -m state --state NEW \
> -m multiport --dports 210,215,220,225,230 \
> -p tcp -d 62.75.128.98/31 -j ACCEPT
> iptables -A OUTPUT -o eth0 -m state --state ESTABLESHED,RELATED \
> -m multiport --sports 210,215,220,225,230 \
> -p tcp -s 62.75.128.98/31 -j ACCEPT

sorry, but this doesn't work. the -p tcp is needed by multiport so i
changed the rules to:

iptables -A INPUT -i eth0 -m state --state NEW \
    -m multiport -p tcp --dports 210,215,220,225,230 \
    -d 62.75.128.98/31 -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED \
    -m multiport -p tcp --sports 210,215,220,225,230 \
    -s 62.75.128.98/31 -j ACCEPT

everything's ok with these lines?

bye
jonas
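
An added example, not part of the original message: a small pre-load check for rule lines, built on the ordering reported above (the multiport port list must come after -p) and on the state names the state match accepts. check_rule and the two sample variables are hypothetical names; the sample rules are the OUTPUT rules from this thread joined onto one line.

```shell
# Hypothetical helper (not part of iptables or firehol): lint one rule line.
# Prints one message per problem and returns 1 if any problem was found.
VALID_STATES="NEW ESTABLISHED RELATED INVALID UNTRACKED"

check_rule() {
    # $1: a complete rule as one string, line continuations already joined
    proto_seen=""; prev=""; rc=0
    set -f                          # no globbing while splitting into words
    for tok in $1; do
        case "$tok" in
            --dports|--sports|--ports|--destination-ports|--source-ports)
                # multiport port lists only make sense for a port-based protocol
                case "$proto_seen" in
                    tcp|udp|udplite|sctp|dccp) ;;
                    *) echo "$tok appears before -p <proto>"; rc=1 ;;
                esac ;;
        esac
        case "$prev" in
            -p|--protocol)
                proto_seen="$tok" ;;
            --state)
                # a misspelled state name is rejected when the rule is loaded
                for s in $(echo "$tok" | tr ',' ' '); do
                    case " $VALID_STATES " in
                        *" $s "*) ;;
                        *) echo "unknown state: $s"; rc=1 ;;
                    esac
                done ;;
        esac
        prev="$tok"
    done
    set +f
    return $rc
}

# Sample input: the quoted OUTPUT rule and the reworked one from this thread.
RULE_BEFORE="iptables -A OUTPUT -o eth0 -m state --state ESTABLESHED,RELATED -m multiport --sports 210,215,220,225,230 -p tcp -s 62.75.128.98/31 -j ACCEPT"
RULE_AFTER="iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -m multiport -p tcp --sports 210,215,220,225,230 -s 62.75.128.98/31 -j ACCEPT"

for r in "$RULE_BEFORE" "$RULE_AFTER"; do
    if check_rule "$r"; then echo "ok"; else echo "rejected"; fi
done
```

The check only looks at option order and state spelling; it does not tell you whether the rule set as a whole permits the traffic you intend.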