Joseph L. Casale wrote:
> When do you know you need the "-m multiport" option? I see examples with -dport xx:xxx for example that sometimes use it and sometimes don't?
> I have read the man page and see what "-m multiport" requires, but don't see the requirement involving its use.
>
> Thanks!
> jlc

I'll take a guess but am happy to be corrected if someone knows better...

My understanding is that --dport can only specify a single port (--dport 80) or port range (--dport 137:139) inclusive. Use of the multiport module allows up to 15 ports (or port ranges) to be specified.

As for a potential usage - off the top of my head, suppose you wanted to open ports 137-139 and 445 for SMB/Samba. This could be achieved with a single rule using the multiport module whereas 2 individual rules would otherwise be needed.

Again, suppose you wanted to open ports 21 (FTP), 22 (SSH) and 110 (POP3) to a select IP address - you could do this in a single rule rather than 3 individual rules which opens up possibilities for optimizing/minimizing the number of iptables rules within a chain.

Ned
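
An added example, not part of the original message: a small shell helper that turns a port list into iptables rules, using -m multiport only when a rule carries more than one port or range and starting a new rule once 15 slots are used. It assumes the iptables-extensions man page's accounting, in which a range counts as two ports; the function names, the tcp protocol for the SMB ports and the 192.0.2.10 source address are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for a list of ports.
# Assumption: each rule has 15 multiport slots and a lo:hi range uses two.
MAX_SLOTS=15

# emit_rule CHAIN PROTO TARGET PORTGROUP [SOURCE]
emit_rule() {
    case $4 in
        *,*) match="-m multiport --dports $4" ;;  # several ports/ranges
        *)   match="--dport $4" ;;                # one port or one range
    esac
    printf 'iptables -A %s -p %s %s%s -j %s\n' \
        "$1" "$2" "${5:+-s $5 }" "$match" "$3"
}

# multiport_rules CHAIN PROTO TARGET PORTLIST [SOURCE]
# PORTLIST is comma-separated: single ports and/or lo:hi ranges.
multiport_rules() {
    chain=$1 proto=$2 target=$3 ports=$4 src=${5:-}
    group="" slots=0
    old_ifs=$IFS; IFS=,
    set -- $ports            # split the list on commas
    IFS=$old_ifs
    for p in "$@"; do
        case $p in
            *:*) cost=2 ;;   # a range takes two slots
            *)   cost=1 ;;
        esac
        # Flush the current rule if this entry would not fit in it.
        if [ $((slots + cost)) -gt "$MAX_SLOTS" ]; then
            emit_rule "$chain" "$proto" "$target" "$group" "$src"
            group="" slots=0
        fi
        group=${group:+$group,}$p
        slots=$((slots + cost))
    done
    [ -n "$group" ] && emit_rule "$chain" "$proto" "$target" "$group" "$src"
    return 0
}

# The two cases from the message (tcp is assumed for the SMB ports).
multiport_rules INPUT tcp ACCEPT 137:139,445
multiport_rules INPUT tcp ACCEPT 21,22,110 192.0.2.10
```

The helper only prints the commands, so the output can be reviewed before anything is loaded into a chain.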