Is it possible to add the mport like option to the firewall? That way we can match multiple ports to one firewall rule.
For example: dst-port=
add protocol=tcp dst-address=192.168.0.1 dst-port=22,25,80 action=accept
Thanks,
D~
You can use a port range like
add protocol=tcp dst-address=192.168.0.1 dst-port=22-80 action=accept
But it will not catch multiple separate ports.
I know. I think it would be helpful to specify a list of specific ports, so you can sometimes combine multiple firewall rules into one.
D~
it would even be cooler to create a port-list just like address-list.
Sam
you can just mangle the packets mark them as needed and then you can block by the name, and block multiple ports with one rule!
so mangle ports 135-139 TCP/UDP and 445 TCP and mark as NETBIOS..
Create a firewall rule that drops packets with packet mark NETBIOS.. cool stuff eh?
of course you still have to create multiple mangle rules
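The mangle-then-drop approach described in the two posts above, written out as RouterOS firewall configuration. This is an added example, not configuration posted in the thread; the packet-mark name NETBIOS and the chain choices (prerouting for marking, forward for the drop) are assumptions, and the port set (135-139 TCP/UDP, 445 TCP) is the one the post names:

```routeros
# Added example: mark NetBIOS/SMB traffic in mangle, then drop everything carrying that mark.
# Each mangle rule still matches only one port or contiguous range, so three marking rules are needed.
/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=135-139 action=mark-packet new-packet-mark=NETBIOS passthrough=yes comment="NetBIOS over TCP"
add chain=prerouting protocol=udp dst-port=135-139 action=mark-packet new-packet-mark=NETBIOS passthrough=yes comment="NetBIOS over UDP"
add chain=prerouting protocol=tcp dst-port=445 action=mark-packet new-packet-mark=NETBIOS passthrough=yes comment="SMB direct"

# One filter rule now covers all of the ports above by matching the mark instead of the port.
/ip firewall filter
add chain=forward packet-mark=NETBIOS action=drop comment="Drop marked NetBIOS/SMB traffic"
```

Only packet marks are used here (action=mark-packet), not connection marks, so the rules do not depend on connection tracking state; every matching packet is examined and marked individually, which is also where the per-packet overhead discussed below comes from. Later RouterOS versions accept comma-separated values in dst-port directly (for example dst-port=135-139,445), which removes the need for the mangle step for this particular case.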
I think mangling is more overhead than needed if you run a high traffic system. Also, if connection tracking is not on does mangling still work?
Sam
Good point. I don’t believe it does. (mangle w/o connection tracking)
The overhead would be minimal I believe…
There are multiple ways to skin a cat.
I think adding this feature would make it the easiest of all of them.