On Wed, Oct 28, 2009 at 15:32, Marcus Moeller <mail at marcus-moeller.de> wrote: > is there a way to combine iptables parameters like: iptables -A OUTPUT > -p UDP & -p TCP -d $IP1 & -d $IP2 ? Each of those parameters is called a "match", in IPTables-speak. You can specify multiple matches in one rule, but all matches are combined with an implicit logical AND. There is no way to get a logical OR amongst multiple matches in a single rule. If you want OR logic, you use multiple rules. So, your example could not work as single rule, because no single IP packet can be both TCP and UDP, and no single IP packet can have multiple destination IP addresses. IPTables tries to prevent you from creating nonsensical rules like that in most situations. You would have to specify the required match space across multiple rules, maybe something like this: iptables -A OUTPUT -p UDP -d $IP1-j DROP iptables -A OUTPUT -p TCP -d $IP1 -j DROP iptables -A OUTPUT -p UDP -d $IP2 -j DROP iptables -A OUTPUT -p TCP -d $IP2 -j DROP -Ryan -- Ryan B. Lynch ryan.b.lynch at gmail.com