>Is it possible to match multiple source and destination ports at the
>same time? It seems to me that it is not possible. I am using iptables
>version 1.2.11 and I have tried the following command:
>
>iptables -A INPUT -p tcp --src 192.168.1.0/255.255.255.0 -m tcp -m multiport --sports 22,80 --dst 192.168.22.123 -m multiport --dports 22,80 -j ACCEPT

Everything is ANDed, so the following combinations are only possible
with your rule:

22/22
22/80
80/22
80/80

Probably not what you want, given that most HTTP clients connect from
some high-random port. You need to separate rules,

-m multiport --dports 22,80
-m multiport --sports 22,80

to get an OR behavior.

Jan Engelhardt
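The AND-within-a-rule, OR-across-rules behavior described in the reply, as an added example that is not part of the original message: a small Python model of the matching logic, not iptables itself. The client address, the sample packets, the DROP policy, and carrying `--src`/`--dst` into both split rules are assumptions made for the illustration.

```python
# Constructed model of iptables match evaluation (not iptables code).
from ipaddress import ip_address, ip_network

SRC = ip_network("192.168.1.0/255.255.255.0")   # --src from the question
DST = ip_address("192.168.22.123")              # --dst from the question
PORTS = frozenset({22, 80})                     # multiport list from the question

def rule(sports=None, dports=None, target="ACCEPT"):
    """One rule; None means that match was not given on the command line."""
    return {"src": SRC, "dst": DST, "sports": sports,
            "dports": dports, "target": target}

def rule_matches(r, pkt):
    """Every match present in a rule must succeed (logical AND)."""
    return (ip_address(pkt["src"]) in r["src"]
            and ip_address(pkt["dst"]) == r["dst"]
            and (r["sports"] is None or pkt["sport"] in r["sports"])
            and (r["dports"] is None or pkt["dport"] in r["dports"]))

def verdict(chain, pkt, policy="DROP"):
    """Rules are tried in order; the first matching rule decides (OR)."""
    for r in chain:
        if rule_matches(r, pkt):
            return r["target"]
    return policy  # assumed chain policy for this illustration

# The rule from the question: --sports and --dports in one rule.
SINGLE_RULE = [rule(sports=PORTS, dports=PORTS)]
# The split suggested in the reply: one rule per multiport match.
TWO_RULES = [rule(dports=PORTS), rule(sports=PORTS)]

def packet(sport, dport, src="192.168.1.10"):
    return {"src": src, "dst": "192.168.22.123", "sport": sport, "dport": dport}

# Constructed sample packets.
PACKETS = {
    "http_client_high_port": packet(51514, 80),
    "both_ports_listed":     packet(22, 80),
    "sport_80_any_dport":    packet(80, 51514),  # admitted by the --sports rule alone
    "neither_port_listed":   packet(40000, 8080),
    "outside_source_net":    packet(51514, 80, src="10.0.0.5"),
}

def compare():
    """Map packet name -> (verdict with single rule, verdict with two rules)."""
    return {name: (verdict(SINGLE_RULE, p), verdict(TWO_RULES, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (one, two) in compare().items():
        print(f"{name:24} single={one:6} split={two}")
```

The `sport_80_any_dport` case shows what the `--sports` rule admits on its own: the source port is chosen by the sender, so that rule matches traffic to any destination port on the host.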