On Thu, Jun 17, 2010 at 8:00 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> I also thought about matching the protocols and jumping to a sub-chain.
> However that won't work the way you want it to b/c (last I checked) you
> have to specify a protocol to be able to specify a port. So, you might as
> well match both the protocol and the port on the same rule.

Yeah I wasn't clear on that. You would definitely need to match ports before jumping, but the idea is that the custom chain could apply a complex series of actions, e.g. updating a recent match, logging, etc. It really depends on what the overarching goal is.

The basic goal of specifying "allow tcp+udp port 53" in a single rule doesn't seem possible though.

--Mike
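
The arrangement discussed in this thread, as an added example that is not part of the original messages: one match rule per protocol (since `--dport` needs `-p`), both jumping to a shared custom chain that holds the recent-list update, logging and verdict once. The chain name `DNS_IN`, the recent-list name, the log rate limit and the log prefix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name, recent-list name, rate
# limit and log prefix are illustrative assumptions.

# emit_ruleset PORT CHAIN
# Prints a filter table in iptables-restore(8) format to stdout.
emit_ruleset() {
    port=$1
    chain=$2

    # Reject anything that is not a plain port number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 1
    fi

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ":$chain - [0:0]"

    # --dport only exists once a protocol is matched, so the port match is
    # repeated once per protocol; everything else lives in the shared chain.
    for proto in tcp udp; do
        echo "-A INPUT -p $proto -m $proto --dport $port -j $chain"
    done

    # Shared actions, written once: record the source address in a recent
    # list, log at a limited rate, then accept.
    echo "-A $chain -m recent --name ${chain}_seen --set"
    echo "-A $chain -m limit --limit 5/min -j LOG --log-prefix \"$chain: \""
    echo "-A $chain -j ACCEPT"
    echo 'COMMIT'
}

# Print the ruleset for DNS when the script is run.
emit_ruleset 53 DNS_IN
```

The output can be checked without being applied by piping it to `iptables-restore --test` as root.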