On Wed, 9 Oct 2002, Antony Stone wrote:

> i wrote:
>
> > 2) in all of the docs i've read, the claim is that port matching is
> > an implicit match within either UDP or TCP matching and that you
> > *must* specify a protocol before you're allowed to specify ports.
>
> This is correct. The --dport or --sport options are invalid without also
> specifying -p tcp or -p udp
>
> > however, i've certainly seen and used rules that refer to a port
> > or ports without first specifying a protocol. is the documentation
> > just misleading here?
>
> Can you give an example of a rule which works, and which specified a port but
> not a protocol?

just the other day, i was at a local LUG meeting and a guy was giving
a quick tutorial on iptables and displayed a sample rule file that
contained the rule:

    iptables -A FORWARD --destination 172.16.0.2 --destination-port 25 \
        --jump ACCEPT

doesn't this represent an example of what i was asking about? a reference
to a port with no reference to protocol.

rday
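One way to audit a rule file for the pattern this thread discusses, as an added example that is not part of the original message: a shell function (the names find_portonly_rules and sample_rules are hypothetical) that joins backslash-continued lines and prints every rule using a port option without -p or --protocol. The first sample rule is the one quoted above; the second is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Constructed sample rule file: the first rule is the one quoted in the
# message above, the second is a constructed variant that names a protocol.
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD --destination 172.16.0.2 --destination-port 25 \
    --jump ACCEPT
iptables -A FORWARD -p tcp --destination 172.16.0.2 --dport 25 -j ACCEPT
EOF
}

# Read rule text on stdin; print (whitespace-normalized) each rule that has
# a port option but no -p / --protocol option.
find_portonly_rules() {
    awk '
    {
        line = buf $0
        if (line ~ /\\$/) {              # trailing backslash: rule continues
            sub(/\\$/, "", line)
            buf = line " "
            next
        }
        buf = ""
        n = split(line, f, " ")          # default whitespace splitting
        if (n == 0 || f[1] ~ /^#/) next  # skip blank lines and comments
        port = 0; proto = 0
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^--(dport|sport|destination-port|source-port)(=.*)?$/) port = 1
            if (f[i] == "-p" || f[i] ~ /^--protocol(=.*)?$/) proto = 1
        }
        if (port && !proto) {
            out = f[1]
            for (i = 2; i <= n; i++) out = out " " f[i]
            print out
        }
    }'
}

sample_rules | find_portonly_rules
```
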