In "Linux Firewall" module, try to create a rule like this (see attached sample screenshot):
Network protocol: TCP (same with UDP, ...)
Destination port: Does not equal 54321,54322 (more than one port)
The rule is saved as "Equals" and not as "Does not equual".
This is the iptables generated config:
-A FORWARD -p tcp -m tcp -m multiport --dports 54321,54322 -j ACCEPT
which is not what I want.
Specifying a single port, the rule is created correctly:
-A FORWARD -p tcp -m tcp ! --dport 54321 -j ACCEPT