On Thu, Oct 29, 2009 at 16:57, Robert Spangler <mlists@xxxxxxxxxxxxxxxx> wrote: > Even simpler; > > iptables -A OUTPUT -d $IP1 -j DROP > iptables -A OUTPUT -d $IP2 -j DROP > > This will catch everything doesn't matter if its UDP or TCP or ICMP. I think you're missing the point of the original question: It's just an example rule set to illustrate multiple matches. Marcus wanted to know, generally, whether IPTables supports logical ORing matches together. And assuming it is a real-world example: Why would you assume he'd want to block ICMP, too? I allow ICMP in a lot of rule sets that forbid just TCP/UDP traffic, so I can check host uptime and link latency without exposing any listening daemons. My routers use a similar ruleset, too: They need to be able to talk ICMP with anybody on the Internet, but not anything else. -R _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos