> With the help of the multiport extension I want to create rules like this:
>
> $IPTABLES -A INPUT -i $BAD -p tcp \
> -m multiport --destination-port \
> $NFS_PORT,$SOCKS_PORT,$OPENWINDOWS_PORT,$SQUID_PORT \
> --syn -j DROP
>
> I've computed that I can save about 25 rules if I recreate the firewall rules
> with multiport extensions. That is not very much, but I try to optimize my
> firewall. My kernel supports the multiport extension; I've compiled my own
> 2.4.18 kernel.
G'day again. Yes, I think it's possible; make sure your script redirects correctly with those $$$ .. :)
This web site / info may be useful .. :) http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html
Multiport match options

Match              | Example                                                                   | Explanation
-------------------|---------------------------------------------------------------------------|------------------------------------------------------------------------------------------------
--source-port      | iptables -A INPUT -p tcp -m multiport --source-port 22,53,80,110          | This match matches multiple source ports. A maximum of 15 separate ports may be specified. The ports must be comma delimited, as you can see in the example. This match may only be used in conjunction with the -p tcp or -p udp matches. It is mainly an enhanced version of the normal --source-port match.
--destination-port | iptables -A INPUT -p tcp -m multiport --destination-port 22,53,80,110     | This match is used to match multiple destination ports. It works exactly the same way as the source port match mentioned just above, except that it matches destination ports. It has a maximum specification of 15 ports and may only be used in conjunction with -p tcp and -p udp.
--port             | iptables -A INPUT -p tcp -m multiport --port 22,53,80,110                 | This match extension can be used to match packets based both on their destination port and their source port. It works the same way as the --source-port and --destination-port matches above. It can take a maximum of 15 ports specified to it in one argument. It can only be used in conjunction with -p tcp and -p udp. Note that this means that it will only match packets that come from, for example, port 80 to port 80, if you have specified port 80 to the --port match.
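As an added example (not part of either message above, and not from the iptables tutorial), the following POSIX sh snippet shows how the quoted rule can be assembled from per-service port variables so that the "$$$" expand to a single comma-separated list, and it enforces the 15-port limit the tutorial table states before printing the command. It is a dry run: the rule is only echoed, never applied. The port numbers, the interface name in BAD and the IPTABLES path are constructed sample values.

```shell
#!/bin/sh
# Added example: build a multiport DROP rule from port variables (dry run).
# IPTABLES, BAD and the port numbers are assumed/sample values, not from the posts.
IPTABLES="${IPTABLES:-/sbin/iptables}"
BAD="${BAD:-eth0}"          # assumed name of the untrusted interface
NFS_PORT=2049
SOCKS_PORT=1080
OPENWINDOWS_PORT=2000
SQUID_PORT=3128

# join_ports: join the arguments with commas, the form multiport expects.
# Rejects anything that is not a plain port number so a stray "$" or an
# unset variable cannot silently produce an empty or malformed list.
join_ports() {
    list=""
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "not a port number: '$p'" >&2; return 1 ;;
        esac
        list="${list:+$list,}$p"
    done
    echo "$list"
}

# port_count: number of comma-separated entries in a port list
port_count() {
    echo "$1" | tr ',' '\n' | grep -c . || true
}

# check_port_list: multiport accepts between 1 and 15 ports per match
check_port_list() {
    n=$(port_count "$1")
    [ "$n" -ge 1 ] && [ "$n" -le 15 ]
}

# build_multiport_drop_rule: print the iptables command for the given ports.
# Nothing is applied; pipe the output into sh only after reviewing it.
build_multiport_drop_rule() {
    ports=$(join_ports "$@") || return 1
    check_port_list "$ports" || {
        echo "multiport takes 1..15 ports, got $(port_count "$ports")" >&2
        return 1
    }
    echo "$IPTABLES -A INPUT -i $BAD -p tcp -m multiport --destination-port $ports --syn -j DROP"
}

build_multiport_drop_rule "$NFS_PORT" "$SOCKS_PORT" "$OPENWINDOWS_PORT" "$SQUID_PORT"
```

Because the list is joined inside the script rather than written out by hand, adding a service means adding one variable to the call; if the list grows past 15 entries the check fails instead of handing iptables an argument it would reject, which is the case to watch for when collapsing many single-port rules into multiport ones.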
