Is it possible to specify more than one instance of a match extension for a given rule? The code seems to accept this, but when I try giving two TCP match options using iptables, it exits with an unclear error:

root@xxxx# iptables -t nat -A POSTROUTING --source 10.0.0.0/8 -mtcp --destination-port 8080 --syn -mtcp --destination-port 80 -j MASQUERADE
iptables v1.2.7a: Unknown arg `80'

I know that my example can be accomplished using multiport, but it is just used to clarify my question, which is: Can more than one instance of a match extension exist for a single rule? Even if not, is this something possible in a future version of iptables?

I am trying to build a MIB and a NET-SNMP module for iptables and I have to be sure of that, to avoid unnecessary work now or complications in the future.

--
A: No. See http://www.netmeister.org/news/learn2quote.html
Q: Should I include quotations after my reply?