On Wed 17/12/2003 at 11:00, Knight, Steve wrote:
> Aha - that would explain why I was confused ....

My fault. Sorry about this. Thanks Laurence for the correction.

Nevertheless, multiport match does not seem to support inversion either.

cbr@elendil:~$ sudo iptables -A INPUT -p tcp -m multiport \
    ! --sports 22,23 -j ACCEPT
cbr@elendil:~$ sudo iptables -L INPUT -vn
Chain INPUT (policy ACCEPT 33337 packets, 19M bytes)
pkts bytes target prot opt in out source destination
30 3897 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports 22,23

An SSH session is running and I can see the counter go up.

You can still use the userchain trick to get what you want to do, with
multiport match ;)

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
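
The user-chain trick mentioned in the message above, as an added example that is not part of the original post: packets matching the port list RETURN from a user-defined chain, and everything else in that chain is accepted, which has the effect of "! --sports 22,23 -j ACCEPT". The function name and the chain name NOT_SPORTS are assumptions made for illustration; the function only prints the iptables commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: emulate an inverted multiport match with a user chain.
# inverted_multiport_rules and NOT_SPORTS are hypothetical names.

# usage: inverted_multiport_rules PARENT_CHAIN USER_CHAIN PORT,PORT,...
# Prints the rule set; returns 1 on a malformed port list.
inverted_multiport_rules() {
    parent=$1 chain=$2 ports=$3

    # Only digits and single commas; no empty fields.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*)
            echo "bad port list: $ports" >&2; return 1 ;;
    esac

    # Split on commas (safe: list holds digits and commas only).
    old_ifs=$IFS; IFS=,; set -- $ports; IFS=$old_ifs

    # The multiport match takes at most 15 ports per rule.
    if [ "$#" -gt 15 ]; then
        echo "multiport accepts at most 15 ports, got $#" >&2; return 1
    fi
    for p in "$@"; do
        if ! [ "$p" -ge 1 ] 2>/dev/null || ! [ "$p" -le 65535 ] 2>/dev/null; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # 1. New chain that holds the "negated" logic.
    printf 'iptables -N %s\n' "$chain"
    # 2. Listed source ports leave the chain untouched and continue
    #    with the next rule of the parent chain.
    printf 'iptables -A %s -p tcp -m multiport --sports %s -j RETURN\n' \
        "$chain" "$ports"
    # 3. Whatever is still here did NOT match the list: accept it.
    printf 'iptables -A %s -j ACCEPT\n' "$chain"
    # 4. Send all TCP traffic of the parent chain through the new chain.
    printf 'iptables -A %s -p tcp -j %s\n' "$parent" "$chain"
}

# Demo: print the rules for the ports used in the message.
inverted_multiport_rules INPUT NOT_SPORTS 22,23
```

After applying the printed rules, `iptables -L NOT_SPORTS -vn` should show the counter of the RETURN rule rising for the running SSH session, not the counter of the ACCEPT rule.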