
Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]



On 01/09/2004 Mike Mestnik wrote:
> > wee, sounds very interesting, but how do i create this rule
> > "local_rules"?
> > 
> Sorry chain, not table, chains go into the filter, nat, and mangle tables.
> Make the chain named "local_rules" with "-N local_rules".

ok, so can i save this somehow?

> iptables module, not like a kmod.  Use "-m" to load iptable modules. 
> There should be a related kmod you will need, but it should be loaded/used
> for you.
> 
> > after loading the module, simply replace --dport and --sport with
> > --destination-ports and --source-ports and give 5 ips as argument
> > instead of one, correct?
> > 
> Yep, must use "-m multiport" previous to any "--ports" options.

now i have:
iptables -A INPUT -i eth0 -m multiport -p tcp -d 62.75.128.98 \
	--dports 210,215,220,225,230 -j ACCEPT
iptables -A OUTPUT -o eth0 -m multiport -p tcp -d 62.75.128.98 \
	--sports 210,215,220,225,230 -j ACCEPT
iptables -A INPUT -i eth0 -m multiport -p tcp -d 62.75.128.99 \
	--dports 210,215,220,225,230 -j ACCEPT
iptables -A OUTPUT -o eth0 -m multiport -p tcp -d 62.75.128.99 \
	--sports 210,215,220,225,230 -j ACCEPT


this should be ok, correct?

bye
 jonas
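
The chain and multiport setup discussed in this thread, as an added example that is not part of the original messages: a script that emits iptables-restore input for a "local_rules" chain and enforces multiport's limit of 15 ports per rule. The chain layout, the function names, and the assumption that both addresses belong to the host itself (so outbound rules match on source address with -s) are illustrative choices.

```shell
#!/bin/sh
# Added example: generate iptables-restore input for a "local_rules" chain.
# Ports and addresses are the ones quoted in the thread; everything else
# (function names, chain layout, -s on outbound rules) is an assumption.

PORTS="210,215,220,225,230"
ADDRS="62.75.128.98 62.75.128.99"

# multiport accepts at most 15 ports per rule, and a range (a:b) uses two
# of those slots, so split on both ',' and ':' before counting.
port_count() {
    printf '%s\n' "$1" | tr ',:' '\n\n' | grep -c . || true
}

# gen_rules PORTLIST ADDR...  -> prints a *filter section on stdout
gen_rules() {
    ports=$1
    shift
    n=$(port_count "$ports")
    if [ "$n" -gt 15 ]; then
        echo "multiport takes at most 15 ports per rule, got $n" >&2
        return 1
    fi
    echo "*filter"
    echo ":local_rules - [0:0]"          # same effect as: iptables -N local_rules
    for ip in "$@"; do
        # inbound: packets addressed to the local IP on the listed ports
        echo "-A local_rules -p tcp -d $ip -m multiport --dports $ports -j ACCEPT"
        # outbound: replies leaving from the local IP and the listed ports
        echo "-A local_rules -p tcp -s $ip -m multiport --sports $ports -j ACCEPT"
    done
    # interface matching stays in the built-in chains that jump here
    echo "-A INPUT -i eth0 -j local_rules"
    echo "-A OUTPUT -o eth0 -j local_rules"
    echo "COMMIT"
}

# Print the ruleset for the values above; redirect to a file to keep it.
gen_rules "$PORTS" $ADDRS
```

Check the generated text with `iptables-restore --test` before loading it; `iptables-save` dumps a running ruleset in the same format.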


