On 16.03.2010 12:28, Pascal Hambourg wrote:
> Mart Frauenlob wrote:
>>>
>>> what am I missing, why is that command not working:
>>>
>>> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
>>> iptables v1.4.7: unknown option `--destination-port'
>>> Try `iptables -h' or 'iptables --help' for more information.
> [...]
>>> -p udplite -m multiport --ports 123,124 ... works.
>
> According to changelogs, support for UDPLITE in multiport was added in
> iptables 1.3.8 (the man page does not seem to have been updated though).
>
>> I would have expected it to work like -p udp. Am I wrong?
>> But there's no libxt_udplite.so.
>
> --dport is an option of some "-m <protocol>" matches (implicit with "-p
> <protocol>") such as tcp, udp, sctp, dccp handled by libxt_<protocol>.so
> libraries. As you pointed out, there is no libxt_udplite.so, so no "-m
> udplite" match nor --dport option for UDPLITE.

Thank you Pascal,

ok, it's simply not implemented...
It seemed somehow improbable to me that support for udplite within
conntrack, nat and multiport was added, but no protocol match.
Relying on something not being in the man page *sigh* isn't assured to
be correct.

Best regards

Mart
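
Added example, not part of the original thread: a shell helper that picks the port-match syntax for a rule according to whether a libxt_<protocol>.so protocol match is installed, falling back to multiport as described above. The function names and the XT_LIBDIR default are assumptions; the extension directory differs between distributions, and the multiport protocol list is the one from the iptables man page plus udplite as reported in this thread.

```shell
#!/bin/sh
# Assumed location of the iptables extension libraries; override as needed.
XT_LIBDIR="${XT_LIBDIR:-/usr/lib/xtables}"

# has_proto_match PROTO
# True when a protocol match library (libxt_<proto>.so) is installed,
# i.e. when "-p <proto>" implicitly provides --dport/--sport.
has_proto_match() {
    [ -e "$XT_LIBDIR/libxt_$1.so" ]
}

# multiport_supports PROTO
# True for protocols the multiport match accepts.
multiport_supports() {
    case "$1" in
        tcp|udp|udplite|sctp|dccp) return 0 ;;
        *) return 1 ;;
    esac
}

# port_match_args PROTO PORT
# Print the match arguments for a single destination port, or fail when
# neither a protocol match nor multiport can express it.
port_match_args() {
    proto=$1
    port=$2
    if has_proto_match "$proto"; then
        printf '%s\n' "-p $proto --dport $port"
    elif multiport_supports "$proto"; then
        printf '%s\n' "-p $proto -m multiport --dports $port"
    else
        echo "no port match available for protocol $proto" >&2
        return 1
    fi
}
```

The output is meant to be spliced into a rule, for example: iptables -A INPUT -i eth2 $(port_match_args udplite 123) -j ACCEPT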