Realos wrote:
Jörg Harmuth wanted us to know:
I see. You are referring to -m mport --port*s* (by the way, is there a
typo or are you referring to another module?), which is different from
-m multiport --port*s* port[...] - which I was referring to. Your rule was
... -m multiport --ports 22,23,24,25 -j ACCEPT
So I looked for multiport.
There seems to be an inconsistency between the man pages Jörg Harmuth has installed
and those of some other people (the original poster and myself at least).
man iptables:
mport
...
--ports port[,port[,port...]]
Match if the both the source and destination ports are
equal to each other and to one of the given
ports.
multiport
...
used in conjunction with -p tcp or -p udp.
rts port[,port[,port...]]
Match if the both the source and destination ports
are equal to each other and to one of the given
ports.
Mar 09, 2002 IPTABLES(8)
BTW, what is the difference between the mport and multiport modules?
Hmm, interesting. I looked again and I see:
man iptables:
mport
--ports port[,port[,port...]]
Match if the both the source and destination ports are
equal to each other and to one of the given ports.
multiport
--ports [!] port[,port[,port:port...]]
Match if either the source or destination ports are
equal to one of the given ports.
My iptables is a self-compiled 1.3.3 running on Sarge, one box with
kernel 2.4.31, the other box with kernel 2.6.13.1. Maybe an iptables
version issue?
Have a nice time,
Joerg
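
Added example, not part of the thread and not iptables code: a small Python model of the two --ports wordings quoted above, run against the port list from the rule under discussion. The function names and the sample packets are constructed for illustration; the "[!]" negation shown in the second synopsis is not modelled.

```python
"""Model of the two --ports man page wordings quoted in this thread."""


def parse_ports(spec):
    """Parse 'port[,port[,port:port...]]' into a list of (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.partition(":")
        lo = int(low)
        hi = int(high) if high else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port item: {item!r}")
        ranges.append((lo, hi))
    return ranges


def in_ports(port, ranges):
    """True if port falls inside any of the parsed ranges."""
    return any(lo <= port <= hi for lo, hi in ranges)


def match_both_equal(sport, dport, ranges):
    """Wording 1: source and destination ports are equal to each other
    and to one of the given ports."""
    return sport == dport and in_ports(sport, ranges)


def match_either(sport, dport, ranges):
    """Wording 2: either the source or the destination port is equal
    to one of the given ports."""
    return in_ports(sport, ranges) or in_ports(dport, ranges)


def compare(spec, packets):
    """Return (sport, dport, wording1_result, wording2_result) per packet."""
    ranges = parse_ports(spec)
    return [(s, d, match_both_equal(s, d, ranges), match_either(s, d, ranges))
            for s, d in packets]


# Constructed sample packets as (source port, destination port).
SAMPLE_PACKETS = [(40000, 22), (22, 40000), (25, 25), (40000, 80)]

if __name__ == "__main__":
    for s, d, both, either in compare("22,23,24,25", SAMPLE_PACKETS):
        print(f"sport={s:<5} dport={d:<5} both-equal={both!s:<5} either={either}")
```

Under the first wording an ordinary client connection (high source port to port 22) does not match at all, while under the second the rule also matches packets that only carry a listed source port; when a rule is meant to select services by destination, multiport's --dports expresses that more tightly than --ports.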