Re: mport trouble
On 2005-08-04 email@example.com wrote:
> On 8/4/05, Bastian Blank <firstname.lastname@example.org> wrote:
>> On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote:
>>> $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT
>>> iptables: No chain/target/match by that name
>> Where did you found the information that mport supports --dports? The
>> iptables manpage specifies --destination-ports since many years.
> The manpage only talks about multiport, not mport.
The manpage talks about both multiport and mport, and according to the
manpage they support the same flags (and --dports is an alias to
--destination-ports in both cases). However ...
> I got the information from the following:
> $ iptables -m mport --help
> iptables v1.2.11
> mport v1.2.11 options:
> --source-ports port[,port:port,port...]
> --sports ...
> match source port(s)
> --destination-ports port[,port:port,port...]
> --dports ...
> match destination port(s)
> --ports port[,port:port,port]
> match both source and destination port(s)
... the iptables help *does* state that port ranges are supported with
module "mport", but not with module "multiport". The manpage may be a
little outdated here.
> Also, by the way:
> $ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j ACCEPT
> iptables: No chain/target/match by that name
Do you have multiple port match compiled into your kernel? Try this:
grep CONFIG_IP_NF_MATCH_MULTIPORT /boot/config-`uname -r`
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."