On Fri, 2002-04-12 at 13:27, VERBEEK, Francois wrote: > BTW if you plan to use --dport you need rather a line like > > iptables -A INPUT -p tcp -s 0/0 -m tcp --dport 22 -i $dev -j ACCEPT
-m tcp is not needed. See manpage: MATCH EXTENSIONS iptables can use extended packet matching modules. These are loaded in two ways: implicitly, when -p or --protocol is specified, or with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. You can specify multiple extended match modules in one line, and you can use the -h or --help options after the module has been specified to receive help specific to that module. So the tcp extension is already implicitly loaded by using -p tcp. -- Tot ziens, Bart-Jan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]