On Wednesday 2005-August-10 15:13, Peggy Kam wrote:
> What is the maximum number of ports that I can define in the
> iptables? What is the limitation?

Are you asking about the multiport match extension? If so please find
the following in "man iptables" and post again if you do not understand
it:

    multiport
        This module matches a set of source or destination ports. Up to
        15 ports can be specified. It can only be used in conjunction
        with -p tcp or -p udp

That particular limitation only applies to a single multiport command.
You can have as many of those as you need.

Perhaps you're asking about the maximum number of rules you can have? I
don't know what that limit might be (if I was curious I would Google),
but I bet it's higher than the 64K TCP ports plus the 64K UDP ports. If
you're writing a firewall with that many rules, it is probable that you
could have done it better and more efficiently using a different
approach. For instance, default policies of DROP and only ACCEPT the
port/protocol combinations you need, plus the standard
"-m state --state RELATED,ESTABLISHED -j ACCEPT" rules.

-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam" is
in Subject: header
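The two points in the reply above (a single multiport match takes at most 15 ports, but you may use as many such rules as you like, and a default-DROP policy with explicit ACCEPTs plus the RELATED,ESTABLISHED rule is the cleaner design) can be put together in a small generator script. This is an added example and not code from the thread; it only prints the iptables commands it would run so the output can be reviewed before being piped to a shell, and it assumes a list of individual ports (the current manpage counts a port range `a:b` as two ports, which this helper does not account for).

```shell
#!/bin/sh
# Generate (do not apply) an INPUT ruleset for a host that should accept
# only a few listed TCP/UDP ports. Review the output, then pipe it to sh.

# multiport_rules PROTO PORTS
#   Emit "-m multiport --dports" ACCEPT rules for PROTO (tcp or udp),
#   splitting the comma-separated PORTS list into groups of at most 15,
#   which is the per-match limit quoted from "man iptables" above.
multiport_rules() {
    proto=$1
    ports=$2
    group=""
    n=0
    old_ifs=$IFS
    IFS=,
    for p in $ports; do
        if [ "$n" -eq 15 ]; then
            printf 'iptables -A INPUT -p %s -m multiport --dports %s -j ACCEPT\n' "$proto" "$group"
            group=""
            n=0
        fi
        if [ -z "$group" ]; then group=$p; else group="$group,$p"; fi
        n=$((n + 1))
    done
    IFS=$old_ifs
    if [ -n "$group" ]; then
        printf 'iptables -A INPUT -p %s -m multiport --dports %s -j ACCEPT\n' "$proto" "$group"
    fi
}

# firewall_script TCP_PORTS UDP_PORTS
#   Print the full ruleset: default DROP for inbound and forwarded
#   traffic, loopback and established/related traffic accepted, then
#   one multiport rule per group of 15 wanted ports and protocol.
firewall_script() {
    tcp_ports=$1
    udp_ports=$2
    cat <<'EOF'
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
    if [ -n "$tcp_ports" ]; then multiport_rules tcp "$tcp_ports"; fi
    if [ -n "$udp_ports" ]; then multiport_rules udp "$udp_ports"; fi
}

# Usage: print a ruleset that accepts SSH, HTTP, HTTPS over TCP and DNS
# over UDP (constructed sample input). The two lists are the only things
# a reader normally needs to change.
firewall_script 22,80,443 53
```

Because the script prints rather than executes, you can diff the output against the running ruleset or keep it in version control; applying it is a deliberate second step (`./genrules.sh | sh`), which also gives you a chance to confirm the management port is in the TCP list before the DROP policy takes effect.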