[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: iptables rule command help
From:       Jörg_Harmuth <harmuth () mnemon ! de>
Date:       2005-08-30 14:26:17
Message-ID: 43146C89.8050407 () mnemon ! de
[Download RAW message or body]

CC commmunication schrieb:
> Thankyou very much for your help.
> I have read a lot about iptables, but i cannot find
> any  information about how many matches can be done in
> one statement.
> e.g
> can i match source subnet, destination subnet, source
> port range and destination port range with the --syn
> flag set.. etc.

yes

> If any one can explain how options can be matched in
> one iptables statement. 

simply write one after the other as in my previous example. Combine as
you need it.

> i know it could be done by using user defined traget,
> and then do further processing with that traget

You can do it in any chain (also user defined ones), but depending on
the chain in question it's more or less usefull. And also depending on
the target some matches are more or less usefull. E.g. with
layer7-patch, matching against ports is totally useless ;)

Have a nice time,

Joerg

[prev in list] [next in list] [prev in thread] [next in thread]