Package: iptables
Version: 1.2.11-10
Severity: normal

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.11c3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages iptables depends on:
ii  libc6  2.3.2.ds1-22  GNU C Library: Shared libraries an

-- no debconf information

If I do like this [where X.X.X.X/N is the network specification of your
trusted friends]:

    # iptables -A INPUT -p tcp -s ! X.X.X.X/N -i eth0 --dport 23 -j DROP

it takes it and adds the rule you would expect, but if I do like this

    # iptables -A INPUT -m mport -p tcp -s ! X.X.X.X/N -i eth0 --dports 23,111 -j DROP

earns you the [cryptic] error message:

    iptables: No chain/target/match by that name

Perhaps it's just impossible to do this, but it kinda seems like a bug.
Non-negated source addresses work fine, but of course.

Definitely there is a way to work around it (don't use the multiport
module), but it took me a while to figure out that that was what was
causing the mysterious error message.
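
The workaround named in the report (not using the multiport module), as an added example that is not part of the original report: a dry-run helper that expands a port list into one single-port rule per port, keeping the negated source. The function name emit_drop_rules and the sample network 192.0.2.0/24 are assumptions made for illustration.

```shell
# Added example: expand a port list into single-port DROP rules, avoiding -m mport.
# emit_drop_rules is a hypothetical helper; it prints the commands instead of
# running them, so the output can be reviewed before it touches the firewall.
emit_drop_rules() {
    trusted_net=$1   # network allowed through, e.g. 192.0.2.0/24 (constructed sample)
    iface=$2         # inbound interface, e.g. eth0
    ports=$3         # comma-separated list, e.g. 23,111

    # Split the list on commas into the function's positional parameters.
    old_ifs=$IFS
    IFS=,
    set -f
    set -- $ports
    set +f
    IFS=$old_ifs

    # Validate every port before printing anything, so a typo cannot
    # leave a partially generated rule set behind.
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2; return 1; }
    done

    # One rule per port, using the same negated-source syntax as the report.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp -s ! $trusted_net -i $iface --dport $port -j DROP"
    done
}

# Constructed sample invocation: prints the two rules for ports 23 and 111.
emit_drop_rules 192.0.2.0/24 eth0 23,111
```

Review the printed rules, then pipe them to `sh` as root to apply them.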