RE: quickie - exclamation point with multiport


Cedric

I will head off to create a user-chain then :D thanks for your research!

And thanks to all others who contributed their wisdom :D

Thanks and mulled wine to all

steve

-----Original Message-----
From: Cedric Blancher [mailto:blancher@xxxxxxxxxxxxxxxxxx] 
Sent: 17 December 2003 4.18
To: Knight, Steve
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: quickie - exclamation point with multiport


On Wed 17/12/2003 at 11:00, Knight, Steve wrote:
> Aha - that would explain why I was confused ....

My fault. Sorry about this. Thanks Laurence for the correction.

Nevertheless, multiport match does not seem to support inversion
either.

cbr@elendil:~$ sudo iptables -A INPUT -p tcp -m multiport  \
		! --sports 22,23 -j ACCEPT
cbr@elendil:~$ sudo iptables -L INPUT -vn
Chain INPUT (policy ACCEPT 33337 packets, 19M bytes)
 pkts bytes target     prot opt in     out     source               destination
   30  3897 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0        multiport sports 22,23

An SSH session is running and I can see the counter going up.

You can still use the userchain trick to get what you want to do, with
multiport match ;)

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread! 




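One common form of the user-chain workaround mentioned in the thread, as an added example that is not part of the original messages: listed ports RETURN from a user chain, and whatever remains is TCP outside the list. The function names and the chain name `tcp_not_22_23` are hypothetical; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread): emulate "-m multiport ! --sports LIST"
# with a user-defined chain. Only prints commands; it never edits the ruleset.

# valid_ports LIST: succeeds if LIST is 1..15 comma-separated ports in 1..65535
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        count=$((count + 1))
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]   # multiport takes at most 15 ports per rule
}

# emit_not_ports PARENT CHAIN sports|dports PORTS [TARGET]
emit_not_ports() {
    parent=$1 chain=$2 dir=$3 ports=$4 target=${5:-ACCEPT}
    # Names end up in shell commands, so allow only plain identifier characters.
    case "$parent$chain$target" in
        ''|*[!A-Za-z0-9_-]*) echo "bad chain or target name" >&2; return 2 ;;
    esac
    case "$dir" in
        sports|dports) ;;
        *) echo "direction must be sports or dports" >&2; return 2 ;;
    esac
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 2; }

    echo "iptables -N $chain"
    # Listed ports leave the chain and continue in PARENT after the jump rule.
    echo "iptables -A $chain -p tcp -m multiport --$dir $ports -j RETURN"
    # Anything still here is TCP whose port is outside the list.
    echo "iptables -A $chain -j $target"
    # Only TCP is sent into the chain, so the last rule never sees other protocols.
    echo "iptables -A $parent -p tcp -j $chain"
}

# Usage (constructed): emit_not_ports INPUT tcp_not_22_23 sports 22,23
```

After loading the printed rules, `iptables -L tcp_not_22_23 -vn` should show the RETURN counter rising for SSH traffic while the ACCEPT counter does not.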



