Re: IPTables question

To: debian-user@lists.debian.org
Subject: Re: IPTables question
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Sat, 09 Nov 2013 23:02:34 +0100
Message-id: <[🔎] 527EB0FA.8080801@plouf.fr.eu.org>
In-reply-to: <[🔎] 527E7517.9070508@uniserve.com>
References: <[🔎] 527E7517.9070508@uniserve.com>

Hello,

Bill.M a écrit :
> 
> In IPTables one can specify multiple addresses, and multiple ports, but 
> is there anyway to specify multiple interfaces.
> 
> For example,  -m multiport --destination-port 22,25,80
> 
> Or 	      -s 1.2.3.4,1.2.3.5,1.2.3.7 or -s 1.2.3.4:1.2.3.10

In addition to David's answer :
Unless recent change I am not aware of, you cannot specify an address
range in -s or -d. You must use the "iprange" match instead (or ipset if
your kernel supports it). Also, note that specifying multiple
comma-separated addresses or prefixes in -s or -d will result in
multiple rules being actually created, which can have undesirable
side-effects and impact efficiency.

Reply to:

Follow-Ups:
- Re: IPTables question
  - From: Shawn Wilson <ag4ve.us@gmail.com>

References:
- IPTables question
  - From: "Bill.M" <bill3@uniserve.com>

Prev by Date: Re: IPTables question
Next by Date: Re: Installing same packages in a Squeeze installation in a new Wheezy installation
Previous by thread: Re: IPTables question
Next by thread: Re: IPTables question
Index(es):
- Date
- Thread