Joseph L. Casale wrote: >> My understanding is that --dport can only specify a single port (--dport >> 80) or port range (--dport 137:139) inclusive. Use of the multiport >> module allows up to 15 ports (or port ranges) to be specified. > > Ned, > So to write --dport 5060,10000:60000 you need to write: > -m multiport -p udp -dport 5060,10000:60000 > Correct? > > Thanks for the help! > jlc I've not used multiport so am unsure of the exact syntax, but that looks reasonable. I'd keep the -m multiport and --dports together though (also note it's --dports, not -dport), so something like this: iptables -A INPUT -p udp -m multiport --dports 5060,10000:60000 -j ACCEPT would accept all UDP packets destined for ports 5060 and 10000-60000.