On 8/4/05, Bastian Blank <waldi@debian.org> wrote:
> On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote:
> > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT
> > iptables: No chain/target/match by that name
> > $
>
> Where did you find the information that mport supports --dports? The
> iptables manpage has specified --destination-ports for many years.
The manpage only talks about multiport, not mport. I wish to use
mport to specify ranges. I got the information from the following:
$ iptables -m mport --help
iptables v1.2.11
[snip]
mport v1.2.11 options:
--source-ports port[,port:port,port...]
--sports ...
match source port(s)
--destination-ports port[,port:port,port...]
--dports ...
match destination port(s)
--ports port[,port:port,port]
match both source and destination port(s)
$
Also, by the way:
$ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j ACCEPT
iptables: No chain/target/match by that name
$
It seems mport isn't even supported, but then I'd expect the following
to result in the same error:
$ iptables -A FORWARD -p tcp -m mport
iptables v1.2.11: mport expects an option
Try `iptables -h' or 'iptables --help' for more information.
$ iptables -A FORWARD -p tcp -m nosuchmatchiniptables
iptables v1.2.11: Couldn't load match
`nosuchmatchiniptables':/lib/iptables/libipt_nosuchmatchiniptables.so:
cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
$
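
Added example, not part of the original message: the three error texts quoted above come from different stages of rule handling, and this sketch sorts a captured error by stage. `classify_match_error` and its labels are hypothetical names; it assumes the kernel's currently registered matches can be read from `/proc/net/ip_tables_matches`, and the demo input is constructed.

```shell
#!/bin/sh
# Added example. classify_match_error and its labels are hypothetical names.
# Usage: classify_match_error MATCH STDERR_TEXT [MATCH_LIST_FILE]
# MATCH_LIST_FILE defaults to /proc/net/ip_tables_matches, where the running
# kernel lists the match extensions it currently has registered.
classify_match_error() {
    match=$1 err=$2 list=${3:-/proc/net/ip_tables_matches}
    case $err in
        *"Couldn't load match"*)
            # dlopen() of /lib/iptables/libipt_<match>.so failed
            echo "userspace-lib-missing" ;;
        *"expects an option"*)
            # library loaded; its own option check rejected the command line
            echo "userspace-option-check" ;;
        *"No chain/target/match by that name"*)
            # command line parsed; the kernel refused the rule
            if [ -r "$list" ] && grep -qxF -- "$match" "$list"; then
                echo "kernel-other-name-missing"
            else
                echo "kernel-match-missing"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed demo: the three error texts are the ones quoted in the message;
# the match list is a made-up stand-in for a kernel without the mport match.
demo() {
    tmp=$(mktemp) || return 1
    printf 'tcp\nudp\nmultiport\n' > "$tmp"
    classify_match_error mport "iptables: No chain/target/match by that name" "$tmp"
    classify_match_error mport "iptables v1.2.11: mport expects an option" "$tmp"
    classify_match_error nosuchmatchiniptables \
        "iptables v1.2.11: Couldn't load match \`nosuchmatchiniptables'" "$tmp"
    rm -f "$tmp"
}
demo
```

A result of `kernel-match-missing` means the userspace library was found and parsed the options, but the running kernel has no match of that name registered.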