
Re: Multiport trouble



	Hi *,

John Leach wrote:
> yeh I just checked that and I was wrong, whoops.  Thanks.
> The message I get trying to add your rule is :
> iptables v1.2.8: multiport can only have one option
> Try `iptables -h' or 'iptables --help' for more information.
> As it says, multiport can't have both --source-port and
> --destination-port in the same rule.
> I expect you'll need to drop multiport and just create 2 rules (as long
> as $EPHEMERAL_PORTS doesn't rely on the multiport functionality).

Why not use something like this?

  iptables -A OUTPUT \
    -s "$PUB_IP" -o "$PUB_IFACE" -p tcp \
    -m tcp --sport 1024:65535 -m multiport --dports 443,4030 \
    -m state --state NEW -j ACCEPT

It works for me...

J.C.
-- 
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Regional Technical Coordinator / Technology Associate, Reflets project
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108   Fax: +84 4 8247383   Mobile: +84 91 3248747
/ Personal note: please avoid sending me PowerPoint or Word files;           \
\ see here: http://www.fsf.org/philosophy/no-word-attachments.fr.html        /
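
The rule form from the reply above (plain `-m tcp --sport` for the source range, `-m multiport --dports` for the destination list), as an added example that is not part of the original message. It goes beyond the post by splitting long lists, since the iptables documentation limits multiport to 15 ports per match. The function names, `192.0.2.10` and `eth0` are constructed for illustration, and the script only prints the commands for review; it does not run iptables.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables commands that
# combine a source-port range with a multiport destination list.
MAX_PORTS=15   # documented multiport limit: at most 15 ports per match

# emit_rule PUB_IP PUB_IFACE SPORT_RANGE DPORT_LIST -> one command line
emit_rule() {
    printf 'iptables -A OUTPUT -s %s -o %s -p tcp -m tcp --sport %s ' "$1" "$2" "$3"
    printf -- '-m multiport --dports %s -m state --state NEW -j ACCEPT\n' "$4"
}

# gen_rules PUB_IP PUB_IFACE SPORT_RANGE DPORTS   (DPORTS is comma-separated)
gen_rules() {
    pub_ip=$1; iface=$2; sports=$3
    old_ifs=$IFS; IFS=,
    set -f; set -- $4; set +f        # split the list on commas, no globbing
    IFS=$old_ifs
    [ "$#" -gt 0 ] || { echo "empty port list" >&2; return 1; }

    # Validate every port first so a bad list never yields a partial rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    # Emit one rule per group of at most MAX_PORTS destination ports.
    chunk=""; count=0
    for port in "$@"; do
        chunk=${chunk:+$chunk,}$port
        count=$((count + 1))
        if [ "$count" -eq "$MAX_PORTS" ]; then
            emit_rule "$pub_ip" "$iface" "$sports" "$chunk"
            chunk=""; count=0
        fi
    done
    [ -z "$chunk" ] || emit_rule "$pub_ip" "$iface" "$sports" "$chunk"
}

# Constructed sample values standing in for $PUB_IP and $PUB_IFACE.
gen_rules 192.0.2.10 eth0 1024:65535 443,4030
```
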
