Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]
--- Jonas Meurer <jonas@freesources.org> wrote:
> On 01/09/2004 Mike Mestnik wrote:
> > There are several things you can do. I would make a new table called
> > local_rules or something and put each "-p tcp --?port" rule in there.
> > Then it is as easy as "-d ??.??.128.98 -j local_rules" and
> > "-d ??.??.128.99 -j local_rules".
>
> wee, sounds very interesting, but how do i create this rule
> "local_rules"?
>
Sorry chain, not table, chains go into the filter, nat, and mangle tables.
Make the chain named "local_rules" with "-N local_rules".
> > There is also "-m multiport "...
> > This module matches a set of source or destination ports. Up to 15
> > ports can be specified. It can only be used in conjunction with
> > -p tcp or -p udp.
> >
> > --source-ports port[,port[,port...]]
> > --destination-ports port[,port[,port...]]
> > --ports port[,port[,port...]]
>
> also interesting, but i really don't know how to use it.
>
> the manpage tells me that it's a module, so i have to load it into
> kernel, but afterwards?
>
iptables module, not like a kmod. Use "-m" to load iptables modules.
There should be a related kmod you will need, but it should be loaded/used
for you.
> after loading the module, simply replace --dport and --sport with
> --destination-ports and --source-ports and give 5 ips as argument
> instead of one, correct?
>
Yep, must use "-m multiport" previous to any "--ports" options.
> bye
> jonas
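The two suggestions from the thread combined, as an added example that is not part of the original messages: a `local_rules` chain created with `-N`, filled with `-m multiport` rules split into groups of at most 15 ports, and one `-d ... -j local_rules` jump per address. The script only prints the commands; the `INPUT` chain, the `ACCEPT` target, the 192.0.2.x documentation addresses and the port list are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not run them.
# Chain name local_rules comes from the thread; INPUT, ACCEPT, the
# addresses and the ports are constructed for illustration.

MAX_PORTS=15   # multiport limit quoted from the man page in the thread

# emit_port_rules CHAIN PROTO PORT_CSV
# PORT_CSV is a comma-separated list of single port numbers.
# Prints one multiport rule per group of at most MAX_PORTS ports.
emit_port_rules() {
    chain=$1 proto=$2
    group="" count=0
    old_ifs=$IFS; IFS=,
    set -- $3            # split the port list on commas
    IFS=$old_ifs
    for port in "$@"; do
        group=${group:+$group,}$port
        count=$((count + 1))
        if [ "$count" -eq "$MAX_PORTS" ]; then
            # -p must be given, and -m multiport must precede the ports option
            echo "iptables -A $chain -p $proto -m multiport --destination-ports $group -j ACCEPT"
            group="" count=0
        fi
    done
    # flush the last, partially filled group
    [ -z "$group" ] || echo "iptables -A $chain -p $proto -m multiport --destination-ports $group -j ACCEPT"
}

# emit_ruleset PORT_CSV IP...
# Creates the chain once, then sends traffic for every listed address to it.
emit_ruleset() {
    ports=$1; shift
    echo "iptables -N local_rules"
    emit_port_rules local_rules tcp "$ports"
    for ip in "$@"; do
        echo "iptables -A INPUT -d $ip -j local_rules"
    done
}

# Constructed sample input: four ports shared by two addresses.
emit_ruleset "22,25,80,443" 192.0.2.98 192.0.2.99
```

The port rules are written once in `local_rules`, so adding another address costs one jump rule rather than a copy of every port rule.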