On Wednesday 28 October 2009 16:36, Marcus Moeller wrote: > Dear Ryan. > > >> is there a way to combine iptables parameters like: iptables -A OUTPUT > >> -p UDP & -p TCP -d $IP1 & -d $IP2 ? > > > > Each of those parameters is called a "match", in IPTables-speak. You > > can specify multiple matches in one rule, but all matches are combined > > with an implicit logical AND. There is no way to get a logical OR > > amongst multiple matches in a single rule. If you want OR logic, you > > use multiple rules. > > > > So, your example could not work as single rule, because no single IP > > packet can be both TCP and UDP, and no single IP packet can have > > multiple destination IP addresses. IPTables tries to prevent you from > > creating nonsensical rules like that in most situations. > > > > You would have to specify the required match space across multiple > > rules, maybe something like this: > > > > iptables -A OUTPUT -p UDP -d $IP1-j DROP > > iptables -A OUTPUT -p TCP -d $IP1 -j DROP > > iptables -A OUTPUT -p UDP -d $IP2 -j DROP > > iptables -A OUTPUT -p TCP -d $IP2 -j DROP > > That's what I am doing atm. Thanks for the update. Even simpler; iptables -A OUTPUT -d $IP1 -j DROP iptables -A OUTPUT -d $IP2 -j DROP This will catch everything doesn't matter if its UDP or TCP or ICMP. -- Regards Robert Linux User #296285 http://counter.li.org _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos