How to specify multiple rules in iptables?
The manpage says (emphasis mine):
-A, --append chain rule-specification
    Append one *or more* rules to the end of the selected chain. [...]
-D, --delete chain rule-specification
    Delete one *or more* rules from the selected chain. [...]
-I, --insert chain [rulenum] rule-specification
    Insert one *or more* rules in the selected chain as the [...]
Does the manpage say that we can add more than one rule per invocation of iptables? Because I cannot find the right syntax to do it. This:
iptables -D INPUT -s 126.96.36.199 -p tcp -j DROP -s 188.8.131.52 -p tcp -j DROP
results in a “multiple -s flags not allowed” error. This:
iptables -D INPUT -s 184.108.40.206 -p tcp -j DROP -D INPUT -s 220.127.116.11 -p tcp -j DROP
results in a “Cannot use -D with -D” error. Adding “--” also doesn’t help.
So can we add multiple rules per invocation?
You didn’t quote the rest of the man page which clarifies this, i.e.:
-A, --append chain rule-specification
    Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.
This implies that multiple rules are added by virtue of using a source or destination hostname in a rule specification that resolves to multiple addresses, not that you can add multiple distinct rules in one invocation.
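As an added illustration (not code from the question or the answer), the Python below models the manpage behaviour the answer points to: a single -A rule specification whose source or destination name resolves to several addresses expands into one rule per address combination, and the expanded list is then rendered as an iptables-restore table fragment, which is the usual way to load many distinct rules in one go. The hostnames, addresses and the resolve() stub are constructed stand-ins so the example runs offline without touching a real firewall.

```python
import itertools

# Constructed stand-in for DNS so the example runs offline. Real iptables
# resolves the name once, at rule-add time, and stores only addresses, so a
# later DNS change does not update the rule (a caveat worth remembering).
FAKE_DNS = {
    "mirror.example": ["192.0.2.10", "192.0.2.11"],
    "lan-host.example": ["198.51.100.5"],
}


def resolve(name):
    """Return the address list for a hostname, or the literal IP/CIDR itself."""
    return FAKE_DNS.get(name, [name])


def expand_rule(chain, src=None, dst=None, proto="tcp", target="DROP"):
    """Model the manpage: one rule for each (source, destination) address combination."""
    srcs = resolve(src) if src else [None]
    dsts = resolve(dst) if dst else [None]
    rules = []
    for s, d in itertools.product(srcs, dsts):
        parts = ["-A", chain]
        if s:
            parts += ["-s", s]
        if d:
            parts += ["-d", d]
        parts += ["-p", proto, "-j", target]
        rules.append(" ".join(parts))
    return rules


def restore_fragment(table, rules):
    """Render rules as an iptables-restore block: many rules, one atomic load."""
    return "\n".join([f"*{table}", *rules, "COMMIT"]) + "\n"


if __name__ == "__main__":
    # A literal address yields one rule; a multi-address name yields several.
    rules = expand_rule("INPUT", src="203.0.113.7")
    rules += expand_rule("INPUT", src="mirror.example", dst="lan-host.example")
    print(restore_fragment("filter", rules), end="")
```

Feeding the printed fragment to `iptables-restore -n` (noflush) is the supported way to add several distinct rules in one invocation; a plain `iptables -A` still takes exactly one rule specification.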