Hi *,

John Leach wrote:
> yeh I just checked that and I was wrong, whoops. Thanks.
> The message I get trying to add your rule is :
> iptables v1.2.8: multiport can only have one option
> Try `iptables -h' or 'iptables --help' for more information.
> As it says, multiport can't have both --source-port and
> --destination-port in the same rule.
> I expect you'll need to drop multiport and just create 2 rules (as long
> as $EPHEMERAL_PORTS doesn't rely on the multiport functionality).

Why not use something like this?

iptables -A OUTPUT \
    -s "$PUB_IP" -o "$PUB_IFACE" -p tcp \
    -m tcp --sport 1024:65535 -m multiport --dports 443,4030 \
    -m state --state NEW -j ACCEPT

It works for me...

J.C.
--
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Regional technical coordinator / Technology associate, Reflets project
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108  Fax: +84 4 8247383  Mobile: +84 91 3248747
/ Personal note: please avoid sending me PowerPoint or Word files;    \
\ see here: http://www.fsf.org/philosophy/no-word-attachments.fr.html /
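
The two approaches from this thread (one rule per port without multiport, and a tcp match for the source range combined with multiport for the destination ports), as an added example that is not part of the original e-mail. It prints the rules instead of applying them; the address, the interface name and the `emit_rules` helper are assumptions, and the split into groups of 15 goes beyond the post (multiport accepts at most 15 ports per rule).

```shell
#!/bin/sh
# Constructed sample values; the post only names the variables.
PUB_IP="192.0.2.10"
PUB_IFACE="eth0"
EPHEMERAL_PORTS="1024:65535"

# Print (do not apply) OUTPUT rules that allow NEW TCP connections from the
# ephemeral source range to a comma-separated list of destination ports.
#   $1 = multiport : tcp match for the source range, multiport for the dports
#   $1 = plain     : one rule per destination port, no multiport at all
# emit_rules is a hypothetical helper written for this example.
emit_rules() {
    mode=$1 ports=$2
    pre="iptables -A OUTPUT -s $PUB_IP -o $PUB_IFACE -p tcp"
    post="-m state --state NEW -j ACCEPT"
    chunk="" n=0
    old_ifs=$IFS
    IFS=,
    for p in $ports; do
        case $mode in
        multiport)
            # multiport takes at most 15 ports per rule: flush every 15.
            chunk="${chunk:+$chunk,}$p"
            n=$((n + 1))
            if [ "$n" -eq 15 ]; then
                echo "$pre -m tcp --sport $EPHEMERAL_PORTS -m multiport --dports $chunk $post"
                chunk="" n=0
            fi ;;
        plain)
            echo "$pre --sport $EPHEMERAL_PORTS --dport $p $post" ;;
        *)
            IFS=$old_ifs
            echo "unknown mode: $mode" >&2
            return 2 ;;
        esac
    done
    IFS=$old_ifs
    # Emit the last, partially filled group of ports (multiport mode only).
    if [ -n "$chunk" ]; then
        echo "$pre -m tcp --sport $EPHEMERAL_PORTS -m multiport --dports $chunk $post"
    fi
    return 0
}

# The two ports from the post, in both forms.
emit_rules multiport 443,4030
emit_rules plain 443,4030
```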