Some iptables tricks


The multiport extension lets you specify multiple ports and port ranges in a single match, so a complex rule fits on one line. Here’s an example that allows SSH, web, IMAP and X terminal traffic:

iptables -A INPUT -p tcp -m multiport --dports 22,80,143,6000:6003 -j ACCEPT

Without multiport, the same policy takes four rules:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 6000:6003 -j ACCEPT

The multiport match leaves you fewer lines to maintain and requires less system processing, because a packet is checked against one rule instead of up to four.
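
Multiport accepts up to 15 ports per rule, and a range counts as two, so longer lists have to be split. The script below is an added example, not from the original post: it prints (but does not run) the multiport rules for a port list, starting a new rule whenever the limit would be exceeded. The function names `valid_port` and `multiport_rules` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints rules as text for review; it never runs iptables.
MAX_SLOTS=15   # multiport limit per rule; a range (lo:hi) uses two slots

# valid_port SPEC: succeeds for N or N:M with 0 <= N <= M <= 65535
valid_port() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "${#lo}" -le 5 ] && [ "${#hi}" -le 5 ] || return 1
    [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# multiport_rules CHAIN PROTO PORT...: prints one ACCEPT rule per chunk
multiport_rules() {
    chain=$1; proto=$2; shift 2
    case "$proto" in   # multiport only works with these protocols
        tcp|udp|udplite|dccp|sctp) ;;
        *) echo "multiport cannot be used with -p $proto" >&2; return 1 ;;
    esac
    # Validate everything first so a bad spec yields no partial rule set.
    for p in "$@"; do
        valid_port "$p" || { echo "bad port spec: $p" >&2; return 1; }
    done
    list=''; used=0
    for p in "$@"; do
        case "$p" in *:*) cost=2 ;; *) cost=1 ;; esac
        if [ $((used + cost)) -gt "$MAX_SLOTS" ]; then
            echo "iptables -A $chain -p $proto -m multiport --dports $list -j ACCEPT"
            list=''; used=0
        fi
        list=${list:+$list,}$p
        used=$((used + cost))
    done
    if [ -n "$list" ]; then
        echo "iptables -A $chain -p $proto -m multiport --dports $list -j ACCEPT"
    fi
}

# The page's own port list fits in one rule (3 ports + 1 range = 5 slots).
multiport_rules INPUT tcp 22 80 143 6000:6003
```

Review the printed rules before loading them; the output reproduces the one-line rule shown above for the page's port list.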