From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: Maximum number of ports?
Date: Thu, 11 Aug 2005 11:54:07 -0500
Message-ID: <200508111154.07609.rob0@gmx.co.uk>
In-Reply-To: <1123704837.3708.1.camel@ndspc131.p.n-dsi.com>

On Wednesday 2005-August-10 15:13, Peggy Kam wrote:
> What is the maximum number of ports that I can define in the
> iptables? What is the limitation?

Are you asking about the multiport match extension? If so, please find
the following in "man iptables" and post again if you do not understand 
it:

   multiport
       This  module matches a set of source or destination ports.
       Up to 15 ports can be specified.  It can only be used  in
       conjunction with -p tcp or -p udp

That particular limitation only applies to a single multiport command. 
You can have as many of those as you need. Perhaps you're asking about 
the maximum number of rules you can have? I don't know what that limit 
might be (if I was curious I would Google), but I bet it's higher than 
the 64K TCP ports plus the 64K UDP ports.

If you're writing a firewall with that many rules, it is probable that 
you could have done it better and more efficiently using a different 
approach. For instance, default policies of DROP and only ACCEPT the 
port/protocol combinations you need, plus the standard "-m state 
--state RELATED,ESTABLISHED -j ACCEPT" rules.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
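
The two points in the message above (at most 15 ports per multiport rule, and a default-DROP policy with ACCEPT rules only for what is needed) combined in one generator, as an added example that is not part of the original message. The function names, the loopback rule and the sample port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not run them.
MAX_PORTS=15   # per-rule multiport limit quoted from "man iptables" above

# chunk_ports "p1 p2 ...": one comma-separated group of <= MAX_PORTS per line
chunk_ports() {
    group="" count=0
    for port in $1; do
        case $port in   # accept plain decimal port numbers only
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        if [ "$count" -eq "$MAX_PORTS" ]; then   # current rule is full
            echo "$group"; group="" count=0
        fi
        group="${group:+$group,}$port"
        count=$((count + 1))
    done
    [ -n "$group" ] && echo "$group"
    return 0
}

# emit_rules PROTO "p1 p2 ...": INPUT ruleset in the default-DROP style
emit_rules() {
    case $1 in   # multiport only works with -p tcp or -p udp
        tcp|udp) ;;
        *) echo "bad protocol: $1" >&2; return 1 ;;
    esac
    groups=$(chunk_ports "$2") || return 1
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"   # loopback: added assumption
    for g in $groups; do
        echo "iptables -A INPUT -p $1 -m multiport --dports $g -j ACCEPT"
    done
    # Policy goes last so nothing is dropped while ACCEPT rules are being added.
    echo "iptables -P INPUT DROP"
}

# Constructed sample: 20 TCP ports, more than a single multiport rule holds.
SAMPLE_PORTS="22 25 53 80 110 143 443 465 587 993 995 8000 8001 8002 8003 8004 8005 8006 8007 8008"
emit_rules tcp "$SAMPLE_PORTS"
```

For the 20-port sample this prints two multiport rules (15 ports, then 5), which is the "as many of those as you need" case from the message.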

