Re: combining iptables parameters




On Wed, Oct 28, 2009 at 15:32, Marcus Moeller <mail@xxxxxxxxxxxxxxxxx> wrote:
> is there a way to combine iptables parameters like: iptables -A OUTPUT
> -p UDP & -p TCP -d $IP1 & -d $IP2 ?

Each of those parameters is called a "match", in IPTables-speak. You
can specify multiple matches in one rule, but all matches are combined
with an implicit logical AND. There is no way to get a logical OR
amongst multiple matches in a single rule. If you want OR logic, you
use multiple rules.

So, your example could not work as single rule, because no single IP
packet can be both TCP and UDP, and no single IP packet can have
multiple destination IP addresses. IPTables tries to prevent you from
creating nonsensical rules like that in most situations.

You would have to specify the required match space across multiple
rules, maybe something like this:

  iptables -A OUTPUT -p UDP -d $IP1 -j DROP
  iptables -A OUTPUT -p TCP -d $IP1 -j DROP
  iptables -A OUTPUT -p UDP -d $IP2 -j DROP
  iptables -A OUTPUT -p TCP -d $IP2 -j DROP

-Ryan

-- 
Ryan B. Lynch
ryan.b.lynch@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
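The expansion the reply describes, as an added example that is not part of the original thread: a small POSIX shell function that takes the OR'd protocols and the OR'd destinations and emits one AND-only rule per (protocol, destination) pair. It prints the rules instead of applying them, so the generated set can be reviewed before it is fed to the firewall; the addresses used are constructed sample values standing in for the thread's $IP1 and $IP2.

```shell
#!/bin/sh
# Added example (not from the original thread). iptables combines the matches
# of a single rule with an implicit AND, so an OR over protocols and an OR
# over destinations becomes the cross product: one rule per combination,
# evaluated in sequence by the chain.

# gen_drop_rules CHAIN "PROTO1 PROTO2 ..." "DST1 DST2 ..."
# Prints one "iptables -A CHAIN -p PROTO -d DST -j DROP" line per
# (protocol, destination) pair. Nothing is applied; review, then pipe to sh.
gen_drop_rules() {
    chain=$1
    protos=$2
    dsts=$3
    for proto in $protos; do
        for dst in $dsts; do
            printf 'iptables -A %s -p %s -d %s -j DROP\n' "$chain" "$proto" "$dst"
        done
    done
}

# count_rules "PROTOS" "DSTS": how many rules the expansion produces, i.e.
# (number of protocols) x (number of destinations). Useful as a sanity check
# before loading a larger generated set.
count_rules() {
    gen_drop_rules OUTPUT "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample addresses (TEST-NET-1) standing in for $IP1 and $IP2.
IP1=192.0.2.10
IP2=192.0.2.20

# Expands to the same four rules the reply lists.
gen_drop_rules OUTPUT "udp tcp" "$IP1 $IP2"
```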
