CC commmunication schrieb: > Thankyou very much for your help. > I have read a lot about iptables, but i cannot find > any information about how many matches can be done in > one statement. > e.g > can i match source subnet, destination subnet, source > port range and destination port range with the --syn > flag set.. etc. yes > If any one can explain how options can be matched in > one iptables statement. simply write one after the other as in my previous example. Combine as you need it. > i know it could be done by using user defined traget, > and then do further processing with that traget You can do it in any chain (also user defined ones), but depending on the chain in question it's more or less usefull. And also depending on the target some matches are more or less usefull. E.g. with layer7-patch, matching against ports is totally useless ;) Have a nice time, Joerg
