At 3:13 PM +1030 3/14/07, Tim wrote:
>On Tue, 2007-03-13 at 10:53 -0400, Tony Nelson wrote:
>> (Man iptables doesn't really explain --dport
>
>destination port - the rule will match something wanting to connect to
>that port.
>
>> or --sport,
>
>source port - the rule will match something coming from that port.
>
>> or --port.
>
>Any use of that port.

All that is obvious. What isn't clear from the man page is where they are allowed, as they should be documented at the top level of things if they are allowed everywhere, instead of being mentioned in a couple of the commands that can use them. Rusty's iptables HOWTO is better, and I think I'm starting to make a good mental model.
--
____________________________________________________________________
TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
' <http://www.georgeanelson.com/>