On 2005-08-04 [EMAIL PROTECTED] wrote:
> On 8/4/05, Bastian Blank <[EMAIL PROTECTED]> wrote:
>> On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote:
>>> $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT
>>> iptables: No chain/target/match by that name
>>> $
>>
>> Where did you find the information that mport supports --dports? The
>> iptables manpage specifies --destination-ports since many years.
>
> The manpage only talks about multiport, not mport.

The manpage talks about both multiport and mport, and according to the
manpage they support the same flags (and --dports is an alias to
--destination-ports in both cases). However ...

> I got the information from the following:
>
> $ iptables -m mport --help
> iptables v1.2.11
> [snip]
> mport v1.2.11 options:
>  --source-ports port[,port:port,port...]
>  --sports ...
>                 match source port(s)
>  --destination-ports port[,port:port,port...]
>  --dports ...
>                 match destination port(s)
>  --ports port[,port:port,port]
>                 match both source and destination port(s)
> $

... the iptables help *does* state that port ranges are supported with
module "mport", but not with module "multiport". The manpage may be a
little outdated here.

> Also, by the way:
>
> $ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j ACCEPT
> iptables: No chain/target/match by that name
> $

Do you have multiple port match compiled into your kernel? Try this:

  grep CONFIG_IP_NF_MATCH_MULTIPORT /boot/config-`uname -r`

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important
files, erase the hard disk, then reinstall Mac OS X and your backed up
files."
--http://docs.info.apple.com/article.html?artnum=25668
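
Added example, not part of the original message: the grep suggested above only prints the matching line, so this sketch classifies an option as built in, modular, disabled or absent, which is what decides whether "No chain/target/match by that name" can be explained by the kernel. The function name kconfig_state, the sample config and the option names ending in _EXAMPLE and _MISSING are constructed for illustration.

```shell
#!/bin/sh
# kconfig_state FILE OPTION
# Prints one of: builtin | module | disabled | absent (or "unreadable", status 2).
kconfig_state() {
    cfg_file=$1
    cfg_opt=$2
    [ -r "$cfg_file" ] || { echo "unreadable"; return 2; }
    if grep -q "^${cfg_opt}=y\$" "$cfg_file"; then
        echo "builtin"      # compiled into the kernel image
    elif grep -q "^${cfg_opt}=m\$" "$cfg_file"; then
        echo "module"       # built as a loadable module; it may still need loading
    elif grep -q "^# ${cfg_opt} is not set\$" "$cfg_file"; then
        echo "disabled"     # known to this kernel tree but switched off
    else
        echo "absent"       # no line for this option in the config at all
    fi
}

# Constructed sample config (not from the thread) so the example runs offline.
# CONFIG_IP_NF_MATCH_EXAMPLE is a hypothetical option name.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_IP_NF_MATCH_MULTIPORT=m
# CONFIG_IP_NF_MATCH_EXAMPLE is not set
EOF

# CONFIG_IP_NF_MATCH_MISSING is hypothetical and deliberately not in the sample.
for opt in CONFIG_IP_NF_MATCH_MULTIPORT \
           CONFIG_IP_NF_MATCH_EXAMPLE \
           CONFIG_IP_NF_MATCH_MISSING; do
    printf '%s: %s\n' "$opt" "$(kconfig_state "$SAMPLE_CFG" "$opt")"
done

# On a real system, point it at the running kernel's config instead:
#   kconfig_state "/boot/config-$(uname -r)" CONFIG_IP_NF_MATCH_MULTIPORT
```

A result of "absent" for a match module usually means the option does not exist in that kernel source tree, while "disabled" means it exists but was not selected at build time.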

