* udp/tcp port range rules for forward/input chains
From: Ted Kaczmarek @ 2003-10-15  3:10 UTC (permalink / raw)
  To: netfilter

Digging around the only thing I found was a patch-o-matic that allowed
for doing a range of 15 ports.

I see many references with dnat and snat, but nothing besides the patch
for input or forward chains.

If anyone has a link or info that can steer me in the right
direction the beers are on me at the Javits Center Linux show.

Thanks,
Ted

PS: this is by far the best maintained mailing list I am on, kudos to
all the contributors/participants.




* Re: udp/tcp port range rules for forward/input chains
From: Joel Newkirk @ 2003-10-15  6:27 UTC (permalink / raw)
  To: tedkaz; +Cc: netfilter

On Tue, 2003-10-14 at 23:10, Ted Kaczmarek wrote:
> Digging around the only thing I found was a patch-o-matic that allowed
> for doing a range of 15 ports.
> 
> I see many references with dnat and snat, but nothing besides the patch
> for input or forward chains.
> 
> If anyone has a link or info that can steer me in the right
> direction the beers are on me at the Javits Center Linux show.
> 
> Thanks,
> Ted

Do you mean something like specifying tcp port 135 through 139 in a
single rule?

iptables -A INPUT -i $EXTIF -p tcp --dport 135:139 -j DROP

If you mean non-contiguous ports, you're looking at multiport:

iptables -A INPUT -p tcp -m multiport --dports 21,25,80,110,143,443 -j ACCEPT

Multiport is limited to 15 ports per rule.

j
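
Added example, not part of the original thread: because multiport takes at most 15 ports per rule, a longer list has to be split across several rules. The function name `multiport_rules` and its arguments are assumptions made for this illustration; it validates the list and only prints the commands, it does not apply them.

```shell
#!/bin/sh
# Added illustration, not from the thread: names and arguments are hypothetical.
# Usage: multiport_rules CHAIN PROTO TARGET PORT[,PORT...]
# Prints iptables commands (at most 15 ports each); it never runs them.
MAX_PORTS=15

multiport_rules() {
    chain=$1 proto=$2 target=$3 list=$4
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,; set -f
    set -- $list                 # split the list on commas only
    set +f; IFS=$old_ifs
    [ "$#" -gt 0 ] || { echo "empty port list" >&2; return 1; }

    out= group= count=0
    for port in "$@"; do
        # Digits only, 1..65535. This also rejects invisible bytes such as a
        # stray carriage return pasted into the list.
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        group=${group:+$group,}$port
        count=$((count + 1))
        if [ "$count" -eq "$MAX_PORTS" ]; then
            out="${out}iptables -A $chain -p $proto -m multiport --dports $group -j $target
"
            group= count=0
        fi
    done
    if [ -n "$group" ]; then
        out="${out}iptables -A $chain -p $proto -m multiport --dports $group -j $target
"
    fi
    printf '%s' "$out"
}

# Constructed sample: 17 ports, so two rules are printed (15 + 2).
multiport_rules INPUT tcp ACCEPT \
    21,22,25,53,80,110,143,443,465,587,993,995,3306,5432,8080,8443,9000
```

Nothing is printed at all if any entry fails validation, so a partly generated rule set cannot be piped onward by accident.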





* Re: udp/tcp port range rules for forward/input chains
From: Ted Kaczmarek @ 2003-10-16 21:34 UTC (permalink / raw)
  To: firewalldude; +Cc: netfilter

As it turned out there was a hidden character in one of my logging rules
which was totally messing with my head :-)



Thanks,
Ted
On Wed, 2003-10-15 at 02:27, Joel Newkirk wrote:
> On Tue, 2003-10-14 at 23:10, Ted Kaczmarek wrote:
> > Digging around the only thing I found was a patch-o-matic that allowed
> > for doing a range of 15 ports.
> > 
> > I see many references with dnat and snat, but nothing besides the patch
> > for input or forward chains.
> > 
> > If anyone has a link or info that can steer me in the right
> > direction the beers are on me at the Javits Center Linux show.
> > 
> > Thanks,
> > Ted
> 
> Do you mean something like specifying tcp port 135 through 139 in a
> single rule?
> 
> iptables -A INPUT -i $EXTIF -p tcp --dport 135:139 -j DROP
> 
> If you mean non-contiguous ports, you're looking at multiport:
> 
> iptables -A INPUT -p tcp -m multiport --dports 21,25,80,110,143,443 -j ACCEPT
> 
> Multiport is limited to 15 ports per rule.
> 
> j




* Re: udp/tcp port range rules for forward/input chains
From: Joel Newkirk @ 2003-10-16 21:49 UTC (permalink / raw)
  To: tedkaz; +Cc: netfilter

On Thu, 2003-10-16 at 17:34, Ted Kaczmarek wrote:
> As it turned out there was a hidden character in one of my logging rules
> which was totally messing with my head :-)

> > > If anyone has a link or info that can steer me in the right
> > > direction the beers are on me at the Javits Center Linux show.
> > > 
> > > Thanks,
> > > Ted

So no beer?  ;^)

j




