Re: mport trouble

["curby ." <curby.public@gmail.com>]

On 8/4/05, Bastian Blank <waldi@debian.org> wrote:
> On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote:
> > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j  ACCEPT
> > iptables: No chain/target/match by that name
> > $
> 
> Where did you found the information that mport supports --dports? The
> iptables manpage specifies --destination-ports since many years.

The manpage only talks about multiport, not mport.  I wish to use
mport to specify ranges.  I got the information from the following:

$ iptables -m mport --help
iptables v1.2.11
[snip]
mport v1.2.11 options:
 --source-ports port[,port:port,port...]
 --sports ...
                                match source port(s)
 --destination-ports port[,port:port,port...]
 --dports ...
                                match destination port(s)
 --ports port[,port:port,port]
                                match both source and destination port(s)
$

Also, by the way:

$ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j  ACCEPT
iptables: No chain/target/match by that name
$

It seems mport isn't even supported, but then I'd expect the following
to result in the same error:

$ iptables -A FORWARD -p tcp -m mport
iptables v1.2.11: mport expects an option
Try `iptables -h' or 'iptables --help' for more information.
$ iptables -A FORWARD -p tcp -m nosuchmatchiniptables
iptables v1.2.11: Couldn't load match
`nosuchmatchiniptables':/lib/iptables/libipt_nosuchmatchiniptables.so:
cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
$