btw, how did you create your nonUS set Ken?
Looks like the limit is 15. It would be nice if the error message
stated what the limit was.
From the manpage:

multiport
    This module matches a set of source or destination ports. Up to 15 ports
    can be specified. A port range (port:port) counts as two ports. It can
    only be used in conjunction with one of the following protocols: tcp,
    udp, udplite, dccp and sctp.

    [!] --source-ports,--sports port[,port|,port:port]...
        Match if the source port is one of the given ports. The flag --sports
        is a convenient alias for this option. Multiple ports or port ranges
        are separated using a comma, and a port range is specified using a
        colon. 53,1024:65535 would therefore match ports 53 and all from 1024
        through 65535.

    [!] --destination-ports,--dports port[,port|,port:port]...
        Match if the destination port is one of the given ports. The flag
        --dports is a convenient alias for this option.

    [!] --ports port[,port|,port:port]...
        Match if either the source or destination ports are equal to one of
        the given ports.
At 01:04 PM 8/26/2019, Kenneth Porter wrote:
--On Monday, August 26, 2019 8:33 AM -0500 Mike <[email protected]> wrote:
What is the maximum # of ports you can specify in the port = command?
What's the iptables module?
For documentation on all the iptables modules, look at:
man 8 iptables-extensions
<http://ipset.netfilter.org/iptables-extensions.man.html>
Note that the multiport module lets you specify a long list of ports.
Here's one of my direct rules extracted from iptables-save:
-A INPUT -p tcp -m multiport --dports 22,587,25,465,110,995,143,993,4190 -m set --match-set NonUS src -m conntrack --ctstate NEW -j DROP
(This drops any attempt to connect to authenticated services from a
non-US address.)
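An added example, not from the thread or from the iptables project, that applies the manpage's counting rule (each port:port range costs two of multiport's 15 slots) to check a --dports list and to split an over-long list into several rules that each stay within the limit. The function names and the rule prefix/suffix arguments are my own; the rules are only printed, never loaded.

```shell
#!/bin/sh
# Count how many of multiport's 15 slots a comma-separated port list uses.
# A single port costs one slot; a range a:b costs two (per the manpage).
# $1: port list, e.g. "22,587,1024:65535"
multiport_slots() {
  slots=0
  oldifs=$IFS; IFS=','
  for item in $1; do
    case $item in
      *:*) slots=$((slots + 2)) ;;   # range counts as two ports
      *)   slots=$((slots + 1)) ;;   # single port
    esac
  done
  IFS=$oldifs
  echo "$slots"
}

# Return 0 if the list fits in one multiport match, 1 otherwise.
multiport_fits() {
  [ "$(multiport_slots "$1")" -le 15 ]
}

# Print one rule per chunk of at most 15 slots, wrapping the caller's
# prefix and suffix around "--dports <chunk>". Nothing is applied.
# $1: port list; $2: text before --dports; $3: text after the list
multiport_split() {
  prefix=$2; suffix=$3; chunk=""; used=0
  oldifs=$IFS; IFS=','
  for item in $1; do
    case $item in *:*) cost=2 ;; *) cost=1 ;; esac
    if [ $((used + cost)) -gt 15 ]; then
      printf '%s --dports %s %s\n' "$prefix" "$chunk" "$suffix"
      chunk=""; used=0
    fi
    if [ -n "$chunk" ]; then chunk="$chunk,$item"; else chunk=$item; fi
    used=$((used + cost))
  done
  IFS=$oldifs
  if [ -n "$chunk" ]; then
    printf '%s --dports %s %s\n' "$prefix" "$chunk" "$suffix"
  fi
  return 0
}
```

Run `multiport_fits 22,587,1024:65535 || multiport_split ...` before adding a rule to catch the "too many ports" error ahead of time rather than from iptables.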
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users