Specifying Multiple Ports with multiport
The multiport module allows one to specify a number of different ports in one rule. This allows for fewer rules and easier maintenance of iptables configuration files. For example, if we wanted to allow global access to the SMTP, HTTP, HTTPS and SSH ports on our server we would normally use something like the following: -A INPUT -i eth0 -p tcp -m state --state NEW --dport ssh -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport smtp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport http -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport https -j ACCEPT
Example1: -A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports ssh,smtp,http,https -j ACCEPT
Example2: -A FORWARD -s 192.168.0.0/24 -d 0/0 -m state --state NEW -p tcp -m multiport --dport smtp,pop3,imap,6301,443,5100,13,554,1101,8080,5900,5901,5902 -o eth0 -i eth1 -j ACCEPT
-p tcp or -p udp and only up to 15 ports may be specified. The supported options are:
--sports port[,port,port...]- matches source port(s)
--dports port[,port,port...]- matches destination port(s)
--ports port[,port,port...]- matches both source and destination port(s)
mport* is another similar extension that also allows you to specify port ranges, e.g. --dport 22,80,110,25, 6000:6010.