On Tue, 2003-10-14 at 23:10, Ted Kaczmarek wrote:
> Digging around the only thing I found was a patch-o-matic that allowed
> for doing a range of 15 ports.
>
> I see many references with dnat and snat, but nothing besides the patch
> for input or forward chains.
>
> If anyone has a link or info that can steer me in the right
> direction the beers are on me at the Javits Center Linux show.
>
> Thanks,
> Ted

Do you mean something like specifying tcp port 135 through 139 in a
single rule?

    iptables -A INPUT -i $EXTIF -p tcp --dport 135:139 -j DROP

If you mean non-contiguous ports, you're looking at multiport:

    iptables -A INPUT -p tcp -m multiport --dports 21,25,80,110,143,443 -j ACCEPT

Multiport is limited to 15 ports per rule.

j
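
Added example, not part of the original message: a POSIX shell helper that prints (does not run) multiport rules for a port list of any length, splitting it so that no rule exceeds the 15-port limit mentioned above. It assumes the behaviour documented in iptables-extensions(8) that a port:port range counts as two of the 15 slots; the function name multiport_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print (not execute) multiport rules for an arbitrary port list.
MAX_SLOTS=15   # multiport limit per rule; a range a:b uses two slots (assumption, see lead-in)

# multiport_rules CHAIN PROTO TARGET PORTLIST  (hypothetical helper name)
multiport_rules() {
    # Chain, protocol and target end up in a command line: allow safe characters only.
    for word in "$1" "$2" "$3"; do
        case $word in
            ''|*[!A-Za-z0-9_-]*) echo "invalid chain/proto/target" >&2; return 1 ;;
        esac
    done
    # The port list must be decimal numbers separated by commas, nothing else.
    case $4 in
        ''|*[!0-9,]*) echo "invalid port list: $4" >&2; return 1 ;;
    esac
    printf '%s\n' "$4" | tr ',' '\n' | grep -v '^$' | sort -n -u |
    awk -v max="$MAX_SLOTS" -v chain="$1" -v proto="$2" -v target="$3" '
        function flush_run(   item, cost) {   # close the current run of consecutive ports
            if (start == "") return
            item = (end > start) ? start ":" end : start
            cost = (end > start) ? 2 : 1
            if (used + cost > max) flush_rule()
            list = (list == "") ? item : list "," item
            used += cost
        }
        function flush_rule() {               # buffer one complete rule, start the next
            if (list == "") return
            out = out sprintf("iptables -A %s -p %s -m multiport --dports %s -j %s\n",
                              chain, proto, list, target)
            list = ""; used = 0
        }
        { p = $1 + 0 }
        p < 1 || p > 65535 { bad = 1; exit }
        start != "" && p == end + 1 { end = p; next }
        { flush_run(); start = p; end = p }
        END {
            if (bad) { print "port out of range: " p > "/dev/stderr"; exit 1 }
            flush_run(); flush_rule()
            printf "%s", out                  # nothing is printed unless every port is valid
        }'
}
```

Review the printed rules before loading them; consecutive ports are merged into ranges, so the output may list fewer entries than the input.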