The multiport extension has a limit (15) on the number of ports that can be specified.
But I need to specify many more port numbers in a single rule, so I tried to use several multiport matches in one rule, like:
iptables -A INPUT -p tcp -m multiport --destination-ports 59100 -m multiport --destination-ports 3000 -m state --state NEW -j REJECT --reject-with tcp-reset
The result of iptables -L INPUT -n is:
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 59100 multiport dports 3000 state NEW reject-with tcp-reset
But it turns out that neither of the ports is rejected when I try to connect from a client.
The version is v1.4.2-rc1.
Is there a workaround, or what should I do when I need to specify more than 15 ports in one rule?
As a workaround for this limitation, I use two rules to cover all the cases.
For example, if I want to allow or deny these 18 ports:
465,110,995,587,143,11025,20,21,22,26,80,443,3000,10000,7080,8080,3000,5666
I use the rules below:
iptables -A INPUT -p tcp -i eth0 -m multiport --dports 465,110,995,587,143,11025,20,21,22,26,80,443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m multiport --dports 3000,10000,7080,8080,3000,5666 -j ACCEPT
The above rules should also work for your scenario. You can create another rule if you hit the 15-port limit on both the first and the second rule.
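Added example, not part of the question or the answer above. Two things are worth making explicit: all matches in a single iptables rule are ANDed, so a rule carrying `-m multiport --dports 59100 -m multiport --dports 3000` only fires for a packet whose destination port is 59100 and 3000 at the same time, which is why neither port was rejected; and the multiport limit is 15 ports per match, with a range such as `8000:8010` counting as two ports against that limit. The script below does the splitting the answer does by hand: it deduplicates a comma-separated port list, cuts it into groups of at most 15, and prints one `-m multiport` rule per group (printed rather than executed, so it runs without root). The chain `INPUT`, interface `eth0`, target `ACCEPT` and the port list are taken from the answer; the helper names and the use of `awk`/`tr` are assumptions of this example. The last function is a diagnostic for the failure mode in the question: it counts `-m multiport` matches in a rule string, and anything above one means the rule can never match.

```shell
#!/bin/sh
# Added example (not the original poster's or answerer's code): build one
# "-m multiport --dports ..." rule per group of at most 15 ports, because
# several "-m multiport" matches in one rule are ANDed, not ORed.
# Rules are printed, not applied, so no root is needed.

MAX_PORTS=15   # per-match limit of the multiport extension (a range counts as 2)

# dedup_ports LIST -> the unique ports, comma-joined, first-seen order kept
dedup_ports() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | awk '!seen[$0]++ { printf "%s%s", (n++ ? "," : ""), $0 } END { print "" }'
}

# chunk_ports LIST -> one line per group of at most MAX_PORTS ports
chunk_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -v n="$MAX_PORTS" '
        { buf = (count ? buf "," : "") $0; count++ }
        count == n { print buf; buf = ""; count = 0 }
        END { if (count) print buf }'
}

# multiport_rules CHAIN IFACE TARGET LIST -> one iptables command per group.
# Chain, interface and target here are assumed for the example.
multiport_rules() {
    chain=$1; iface=$2; target=$3; ports=$4
    chunk_ports "$(dedup_ports "$ports")" | while IFS= read -r group; do
        printf 'iptables -A %s -p tcp -i %s -m multiport --dports %s -j %s\n' \
            "$chain" "$iface" "$group" "$target"
    done
}

# multiport_matches RULE -> number of "-m multiport" matches in a rule string.
# Every match in a rule must hold for the same packet, so a value above 1 with
# different port sets (as in the question) is a rule that can never match.
multiport_matches() {
    printf '%s\n' "$1" | grep -o -- '-m multiport' | wc -l | tr -d ' '
}

# The 18-entry list from the answer (3000 appears twice), constructed input.
PORTS='465,110,995,587,143,11025,20,21,22,26,80,443,3000,10000,7080,8080,3000,5666'

# Prints two rules: the first with 15 ports, the second with 8080,5666.
multiport_rules INPUT eth0 ACCEPT "$PORTS"
```

Pipe the output into `sh` (or review it first) to apply the rules; the same split applies to `--sports` and to `-m multiport --ports`, and a rule with ranges needs a smaller group because each range counts as two ports.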