On Mon, Jan 31, 2005 at 04:45:52PM -0500, R. DuFresne wrote:
> ipfwadm and I believe ipchains allowed port ranges, as in 135:139.  Does
> this work the same with --dport/--sport?  My reading indicates the list or
> 'range' requires that the ports be a comma separated list, rather than the
> ole 'range' option of old.

both --sport and --dport support the port[:port] syntax (this is in the
man page of iptables).  the comma-separated list syntax is a feature of
the multiport/mport matches.  multiport only supports a comma-separated
list of single ports, while mport supports a comma separated list of
single ports or ranges (where ranges eat up two values).  both multiport
and mport have an element max of 15.

i.e., all of the following are valid:

Syntax                                  Ports
---------------------------------------------------------------------
--dport 137:139                         137 - 139
--sport 1:1023                          1 - 1024
--sport 1024:                           1024 - 65535
-m multiport --dports 80,443            80 and 443
-m mport --dports 21:23,80,443          21, 22, 23, 80 and 443

HTH...

-j

--
"Me lose brain?  Uh, oh!  Ha ha ha!  Why I laugh?"
	--The Simpsons
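
Added example, not part of the original message: a small Python checker for the port syntaxes described above, useful for linting rule files before they are loaded. The function names are hypothetical, and reading ":1023" as 0-1023 and rejecting reversed ranges are assumptions of this example.

```python
MAX_SLOTS = 15  # element limit the post gives for both multiport and mport

def _port(text, default):
    """Convert one port field; an empty field falls back to `default`."""
    if text == "":
        return default
    if not text.isdigit() or int(text) > 65535:
        raise ValueError(f"bad port {text!r}")
    return int(text)

def parse_range(spec):
    """Parse the port[:port] form of --sport/--dport into (low, high)."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        if lo == "":
            raise ValueError("empty port")
        port = _port(lo, None)
        return port, port
    # "1024:" means 1024-65535 (from the post); ":1023" as 0-1023 is assumed here.
    low, high = _port(lo, 0), _port(hi, 65535)
    if low > high:
        raise ValueError(f"reversed range {spec!r}")  # this example's choice
    return low, high

def check_list(spec, match):
    """Validate a --sports/--dports list for 'multiport' or 'mport'.

    Returns (ranges, slots_used); a range costs two slots, a single port one.
    """
    if match not in ("multiport", "mport"):
        raise ValueError(f"unknown match {match!r}")
    ranges, slots = [], 0
    for item in spec.split(","):
        is_range = ":" in item
        if is_range and match == "multiport":
            raise ValueError(f"multiport takes single ports only: {item!r}")
        ranges.append(parse_range(item))
        slots += 2 if is_range else 1
    if slots > MAX_SLOTS:
        raise ValueError(f"{slots} values exceed the limit of {MAX_SLOTS}")
    return ranges, slots

if __name__ == "__main__":
    # Constructed sample values taken from the table in the post.
    print(parse_range("137:139"))
    print(check_list("80,443", "multiport"))
    print(check_list("21:23,80,443", "mport"))
```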