> On 01/09/2004 Mike Mestnik wrote:
> > There are several things you can do. I would make a new table called
> > local_rules or something and put each "-p tcp --?port" rule in there.
> > Then it's as easy as "-d ??.??.128.98 -j local_rules" and "-d ??.??.128.99
> > -j local_rules".

Quoting Jonas Meurer <[EMAIL PROTECTED]>:
> wee, sounds very interesting, but how do i create this rule "local_rules"?

iptables -N local_rules
iptables -A local_rules ...

> > There is also "-m multiport "...
> > This module matches a set of source or destination ports. Up to 15
> > ports can be specified. It can only be used in conjunction with -p tcp or
> > -p udp.
> > --source-ports port[,port[,port...]]
> > --destination-ports port[,port[,port...]]
> > --ports port[,port[,port...]]
> also interesting, but i really don't know how to use it.
> the manpage tells me that it's a module, so i have to load it into
> kernel, but afterwards?

Any module will be dynamically loaded as soon as you use "-m module".

iptables -A OUTPUT ... -m multiport --dports 210,215,220,225,230 ...

For your .98 & .99 problem, you may use something like this:

iptables -A OUTPUT -d ???.???.128.98/255.255.255.254 ...

or like this (exactly the same in this case):

iptables -A OUTPUT -d ???.???.128.98/31 ...

This only works for an even number and the next one (98 & 99), but not for
an odd number and the next one (99 & 100). This is because of binary base
logic (change only in the last bit).

There is also some good (translated) documentation here:
http://www.iptables.org/documentation/

-- 
Jean Christophe André.
Agence universitaire de la Francophonie - Bureau Asie Pacifique
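An added example, not part of the original message: a dry-run generator that checks whether two hosts differ only in the last bit (so one /31 covers both) and prints the matching user-defined chain, multiport rule and jumps without running iptables. The 192.0.2.x addresses are constructed documentation-range values, and the `-j ACCEPT` target and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands only, nothing is applied.
# Addresses are constructed (192.0.2.0/24 documentation range).

# ip_to_int A.B.C.D -> 32-bit integer value of the address
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# dest_specs IP1 IP2 -> one "-d" argument per line.
# Two hosts share a /31 only when they differ in the lowest bit alone,
# i.e. the XOR of their integer forms is exactly 1.
dest_specs() (
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2")
    if [ $(( a ^ b )) -eq 1 ]; then
        # The even address is the base of the /31.
        if [ $(( a & 1 )) -eq 0 ]; then echo "$1/31"; else echo "$2/31"; fi
    else
        # No single mask covers exactly these two hosts: keep both.
        echo "$1"; echo "$2"
    fi
)

# gen_rules IP1 IP2 PORTS -> the port match is written once in the
# user-defined chain, then one jump per destination spec.
# "-j ACCEPT" is an assumed target; the original rules elide it.
gen_rules() (
    echo "iptables -N local_rules"
    echo "iptables -A local_rules -p tcp -m multiport --dports $3 -j ACCEPT"
    dest_specs "$1" "$2" | while read -r spec; do
        echo "iptables -A OUTPUT -d $spec -j local_rules"
    done
)

# Two alternative scenarios: even/odd pair, then odd/even pair.
gen_rules 192.0.2.98 192.0.2.99 210,215,220,225,230
gen_rules 192.0.2.99 192.0.2.100 210,215,220,225,230
```

Writing 192.0.2.99/31 would match the same two hosts as 192.0.2.98/31 once the mask is applied, so a /31 on an odd address never reaches the next even one.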

