[CentOS] combining iptables parameters
mlists at zoominternet.net
Thu Oct 29 21:57:25 UTC 2009
On Wednesday 28 October 2009 16:36, Marcus Moeller wrote:
> Dear Ryan.
> >> is there a way to combine iptables parameters like: iptables -A OUTPUT
> >> -p UDP & -p TCP -d $IP1 & -d $IP2 ?
> > Each of those parameters is called a "match", in IPTables-speak. You
> > can specify multiple matches in one rule, but all matches are combined
> > with an implicit logical AND. There is no way to get a logical OR
> > amongst multiple matches in a single rule. If you want OR logic, you
> > use multiple rules.
> > So, your example could not work as single rule, because no single IP
> > packet can be both TCP and UDP, and no single IP packet can have
> > multiple destination IP addresses. IPTables tries to prevent you from
> > creating nonsensical rules like that in most situations.
> > You would have to specify the required match space across multiple
> > rules, maybe something like this:
> > iptables -A OUTPUT -p UDP -d $IP1-j DROP
> > iptables -A OUTPUT -p TCP -d $IP1 -j DROP
> > iptables -A OUTPUT -p UDP -d $IP2 -j DROP
> > iptables -A OUTPUT -p TCP -d $IP2 -j DROP
> That's what I am doing atm. Thanks for the update.
iptables -A OUTPUT -d $IP1 -j DROP
iptables -A OUTPUT -d $IP2 -j DROP
This will catch everything doesn't matter if its UDP or TCP or ICMP.
Linux User #296285
More information about the CentOS