Joseph L. Casale wrote:
When do you know you need the "-m multiport" option? I see examples with -dport 
xx:xxx for example that sometimes use it and sometimes don't?
I have read the man page and see what "-m multiport" requires, but don't see 
the requirement involving its use.

Thanks!
jlc

I'll take a guess but am happy to be corrected if someone knows better...

My understanding is that --dport can only specify a single port (--dport 80) or port range (--dport 137:139) inclusive. Use of the multiport module allows up to 15 ports (or port ranges) to be specified.

As for a potential usage - off the top of my head, suppose you wanted to open ports 137-139 and 445 for SMB/Samba. This could be achieved with a single rule using the multiport module whereas 2 individual rules would otherwise be needed. Again, suppose you wanted to open ports 21 (FTP), 22 (SSH) and 110 (POP3) to a select IP address - you could do this in a single rule rather than 3 individual rules which opens up possibilities for optimizing/minimizing the number of iptables rules within a chain.

Ned
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
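The rule-count saving described in the reply above, as an added example that is not part of the original posts: a small generator that prints (never executes) the fewest iptables rules for a port list, using plain `--dport` for a single port or range and `-m multiport --dports` otherwise. The function names, the INPUT/ACCEPT rule shape, the tcp protocol and the 192.0.2.x addresses are assumptions made for illustration; the split logic follows the iptables-extensions man page, where a range (`lo:hi`) counts as two of multiport's 15 ports.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not run them.
# gen_rules/emit_rule are hypothetical helper names, not iptables features.

MAX_SLOTS=15   # multiport limit; a range lo:hi uses two slots

# emit_rule SRC PROTO PORTSPEC NITEMS
emit_rule() {
    if [ "$4" -eq 1 ]; then
        # One port or one range: the protocol's own --dport is enough.
        echo "iptables -A INPUT -s $1 -p $2 --dport $3 -j ACCEPT"
    else
        # Several ports/ranges in one rule need the multiport match.
        echo "iptables -A INPUT -s $1 -p $2 -m multiport --dports $3 -j ACCEPT"
    fi
}

# gen_rules SRC PROTO PORT [PORT...]   (PORT is N or LO:HI)
gen_rules() {
    src=$1 proto=$2
    shift 2
    spec="" slots=0 items=0
    for p in "$@"; do
        case $p in
            *:*) cost=2 ;;   # range
            *)   cost=1 ;;   # single port
        esac
        # Start a new rule when this entry would exceed the limit.
        if [ $((slots + cost)) -gt "$MAX_SLOTS" ]; then
            emit_rule "$src" "$proto" "$spec" "$items"
            spec="" slots=0 items=0
        fi
        spec="${spec:+$spec,}$p"
        slots=$((slots + cost))
        items=$((items + 1))
    done
    [ "$items" -gt 0 ] && emit_rule "$src" "$proto" "$spec" "$items"
    return 0
}

# Constructed inputs mirroring the two cases in the reply
# (192.0.2.0/24 is a documentation range; tcp chosen for illustration).
gen_rules 192.0.2.0/24 tcp 137:139 445
gen_rules 192.0.2.10 tcp 21 22 110
```

Review the printed rules before loading them; `iptables -C` with the same arguments checks whether a rule is already present in the chain.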
