On Tue, May 14, 2002 at 01:25:01PM -0300, Luciano Macedo Rodrigues wrote:
> Hi Ray,
>
> Changing about 10 workstations is not always a good solution, so I found
> another (great thanks to Sebastian Wolfgarten).
>
> iptables -I INPUT -i eth1 -p UDP --sport 137 --dport 137 -j ACCEPT
> iptables -I OUTPUT -o eth1 -p UDP --dport 137 --sport 137 -j ACCEPT
>
just slightly related, but if I understood correctly, this could also be
written like:

iptables -I INPUT -i eth1 -p udp -m multiport --port 137 -j ACCEPT

it isn't much shorter, so what are the advantages of this notation?

BTW, wouldn't it be useful to be able to filter on packets with a port
number on (udp OR tcp) packets?

cheers
Simon
