** Reply to message from daniel <[EMAIL PROTECTED]> on Sat, 07 Sep 2002 02:43:37 -0700
> in my rc.firewall script i have the following two lines: > > > iptables -A OUTPUT -o $EXT_INTERFACE -p tcp \ -m multiport \ > --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \ > --syn -j REJECT > > iptables -A INPUT -o $EXT_INTERFACE -p tcp -m multiport \ > --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \ > --syn -j DROP > > > but for some reason, they're not working. > instead, i'm met with the error: > > iptables v1.2.7 invalid TCP port/service `2049:2000:1080:3128' specified > Try `iptables -h' or 'iptables --help' for more information > > a googling for the problem came up with "it's a bug, or a feature, i don't > know". so which is it? and what's the best way to get around it? do i > have to make up a rule for each port? The -m multiport match is protocol-specific, working only with tcp or udp. So be specific in your rules and add "-p tcp" to your rules. Also, it may just be an artifact of your mailer, but you do not need the first "\" before -m in the above rules. jb -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
