Linux: Iptables Forward Multiple Ports

by on April 13, 2009 · 0 comments· LAST UPDATED April 13, 2010

in

How do I forward multiple ports using Linux iptables based firewall?

The Linux iptables comes with MATCH EXTENSIONS which can use extended packet matching modules. The multiport match module matches a set of source or destination ports. Up to 15 ports can be specified. A port range (port:port) counts as two ports. It can only be used in conjunction with -p tcp or -p udp options.

Syntax

The syntax is as follows for the destination port:

 
iptables -A tableName -p tcp  --match multiport --dports port1,port2 -j ACCEPT
iptables -A tableName -p udp  --match multiport --dports port1,port2 -j DROP
iptables -A tableName -p protocol  --match multiport --dports portRange1:PortRange2 -j ACCEPT
 

The syntax is as follows for the source port:

 
iptables -A tableName -p tcp  --match multiport --sports port1,port2 -j ACCEPT
iptables -A tableName -p udp  --match multiport --sports port1,port2 -j DROP
iptables -A tableName -p protocol  --match multiport --sports portRange1:PortRange2 -j ACCEPT
 

Examples

The following will accept all traffic from TCP port 80,22,53:
/sbin/iptables -A INPUT -p tcp --match multiport --dports 80,22,53 -j ACCEPT
The following will accept 1024 to 3000 port range:
/sbin/iptables -A INPUT -p tcp --match multiport --dports 1024:3000 -j ACCEPT
Finally, save the changes:
# service iptables save
OR
# iptables-save > /path/to/your/iptables/settings/file



If you would like to be kept up to date with our posts, you can follow us on Twitter, Facebook, Google+, or even by subscribing to our RSS Feed.


Featured Articles:

{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <kbd> <blockquote> <pre> <a href="" title="">

Tagged as: , , , , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: