Hi Christoph:
I am still running iptables 1.24. However, in that version I
don't think it supported the ! negation on multiport. Later versions
may have added that capability. Perhaps one of the members of
the list has a more definitive answer.
Stu...............
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Christoph Gossen
Sent: June 18, 2002 8:50 AM
To: [EMAIL PROTECTED]
Subject: invert problem with multiport
Hello,
I think there's a bug in the behaviour of the multiport module - for
example, a line like
iptables -p tcp -A OUTPUT -m multiport ! --dport 25 -j DROP
causes the same behaviour as
iptables -p tcp -A OUTPUT -m multiport --dport 25 -j DROP
or
iptables -p tcp -A OUTPUT --dport 25 -j DROP
and NOT (as one would expect) that one caused by
iptables -p tcp -A OUTPUT ! --dport 25 -j DROP
Inverting the (set of) port(s) due to the "!" sign in the first line
above is just ignored (no syntax error occurs)!
Any comments?
Thanks,
Christoph
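
The thread describes a "!" that is accepted without error but has no effect, which turns "drop everything except port 25" into "drop port 25". The following is an added example, not part of the original messages: it compares the rules that were requested with the rules that were actually stored and flags any negation that did not survive. The saved-ruleset text is constructed sample data in iptables-save style, and the function names, the order-based pairing of requested and stored rules, and the acceptance of "!" on either side of an option are assumptions of this example.

```python
import shlex

# Port option spellings treated as equivalent when comparing rules.
ALIASES = {
    "--dport": "dport", "--dports": "dport",
    "--destination-port": "dport", "--destination-ports": "dport",
    "--sport": "sport", "--sports": "sport",
    "--source-port": "sport", "--source-ports": "sport",
}

def negated_options(rule):
    """Return canonical names of the options that carry a '!' in a rule string."""
    tokens = shlex.split(rule)
    negated = set()
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        name = ALIASES.get(tok, tok.lstrip("-"))
        before = i > 0 and tokens[i - 1] == "!"           # "! --dport 25"
        after = (i + 2 < len(tokens) and tokens[i + 1] == "!"
                 and not tokens[i + 2].startswith("-"))   # "--dport ! 25"
        if before or after:
            negated.add(name)
    return negated

def lost_negations(requested, installed):
    """Options negated in the requested rule but not in the stored rule."""
    return negated_options(requested) - negated_options(installed)

def audit(requested_rules, saved_ruleset):
    """Pair requested rules with the -A lines of a saved ruleset, in order
    (assumes the chain held only these rules), and report dropped negations."""
    stored = [l.strip() for l in saved_ruleset.splitlines()
              if l.strip().startswith("-A ")]
    findings = []
    for req, inst in zip(requested_rules, stored):
        lost = lost_negations(req, inst)
        if lost:
            findings.append((req, inst, sorted(lost)))
    return findings

# The two commands quoted in the thread that use "!".
REQUESTED = [
    "iptables -p tcp -A OUTPUT -m multiport ! --dport 25 -j DROP",
    "iptables -p tcp -A OUTPUT ! --dport 25 -j DROP",
]
# Constructed sample: the multiport rule stored without its negation.
SAVED_RULESET = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m multiport --dports 25 -j DROP
-A OUTPUT -p tcp -m tcp --dport ! 25 -j DROP
COMMIT
"""
```

Calling audit(REQUESTED, SAVED_RULESET) returns one finding, for the multiport rule, naming dport as the option whose negation was lost.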