* udp/tcp port range rules for forward/input chains
From: Ted Kaczmarek @ 2003-10-15 3:10 UTC
To: netfilter
Digging around the only thing I found was a patch-o-matic that allowed
for doing a range of 15 ports.

I see many references with dnat and snat, but nothing besides the patch
for input or forward chains.

If anyone has a link or info that can steer me in the right
direction the beers are on me at the Javits Center Linux show.

Thanks,
Ted

PS: this is by far the best maintained mailing list I am on, kudos to
all the contributors/participants.
* Re: udp/tcp port range rules for forward/input chains
From: Joel Newkirk @ 2003-10-15 6:27 UTC
To: tedkaz; +Cc: netfilter
On Tue, 2003-10-14 at 23:10, Ted Kaczmarek wrote:
> Digging around the only thing I found was a patch-o-matic that allowed
> for doing a range of 15 ports.
>
> I see many references with dnat and snat, but nothing besides the patch
> for input or forward chains.
>
> If anyone has a link or info that can steer me in the right
> direction the beers are on me at the Javits Center Linux show.
>
> Thanks,
> Ted

Do you mean something like specifying tcp port 135 through 139 in a
single rule?

iptables -A INPUT -i $EXTIF -p tcp --dport 135:139 -j DROP

If you mean non-contiguous ports, you're looking at multiport:

iptables -A INPUT -p tcp -m multiport --dports 21,25,80,110,143,443 -j ACCEPT

Multiport is limited to 15 ports per rule.

j
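
The two rule forms from the reply above, combined in an added example that is not part of the original thread: the hypothetical helper `gen_port_rules` turns a port list into `--dport lo:hi` rules for contiguous runs and `-m multiport --dports` rules of at most 15 ports each for the rest. It only prints the commands, and it rejects any port argument containing a non-digit, which also catches a hidden character of the kind mentioned later in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): prints iptables commands, applies nothing.
MAX_MULTIPORT=15   # per-rule multiport limit stated in the thread

# gen_port_rules CHAIN PROTO TARGET PORT...   (hypothetical helper name)
gen_port_rules() {
    chain=$1 proto=$2 target=$3
    shift 3
    # Accept only 1-5 decimal digits with no leading zero, so a stray or
    # invisible character (CR, NBSP, ...) in a port argument is rejected.
    for p in "$@"; do
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    singles='' count=0 lo='' hi=''
    # Walk the sorted, de-duplicated ports; END is a sentinel that flushes
    # the last run.
    for p in $(printf '%s\n' "$@" | sort -n -u) END; do
        # Extend the current contiguous run lo..hi when p follows hi.
        if [ -n "$lo" ] && [ "$p" != END ] && [ "$p" -eq $((hi + 1)) ]; then
            hi=$p
            continue
        fi
        if [ -n "$lo" ]; then
            if [ "$lo" -ne "$hi" ]; then
                # Contiguous run: one plain range rule.
                echo "iptables -A $chain -p $proto --dport $lo:$hi -j $target"
            else
                # Isolated port: batch it into a multiport rule.
                singles="${singles:+$singles,}$lo"
                count=$((count + 1))
                if [ "$count" -eq "$MAX_MULTIPORT" ]; then
                    echo "iptables -A $chain -p $proto -m multiport --dports $singles -j $target"
                    singles='' count=0
                fi
            fi
        fi
        lo=$p hi=$p
    done
    # Flush a partially filled multiport batch.
    [ -z "$singles" ] || echo "iptables -A $chain -p $proto -m multiport --dports $singles -j $target"
}
```
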
* Re: udp/tcp port range rules for forward/input chains
From: Ted Kaczmarek @ 2003-10-16 21:34 UTC
To: firewalldude; +Cc: netfilter
As it turned out there was a hidden character in one of my logging rules
which was totally messing with my head :-)
Thanks,
Ted
On Wed, 2003-10-15 at 02:27, Joel Newkirk wrote:
> On Tue, 2003-10-14 at 23:10, Ted Kaczmarek wrote:
> > Digging around the only thing I found was a patch-o-matic that allowed
> > for doing a range of 15 ports.
> >
> > I see many references with dnat and snat, but nothing besides the patch
> > for input or forward chains.
> >
> > If anyone has a link or info that can steer me in the right
> > direction the beers are on me at the Javits Center Linux show.
> >
> > Thanks,
> > Ted
>
> Do you mean something like specifying tcp port 135 through 139 in a
> single rule?
>
> iptables -A INPUT -i $EXTIF -p tcp --dport 135:139 -j DROP
>
> If you mean non-contiguous ports, you're looking at multiport:
>
> iptables -A INPUT -p tcp -m multiport --dports 21,25,80,110,143,443 -j ACCEPT
>
> Multiport is limited to 15 ports per rule.
>
> j
* Re: udp/tcp port range rules for forward/input chains
From: Joel Newkirk @ 2003-10-16 21:49 UTC
To: tedkaz; +Cc: netfilter
On Thu, 2003-10-16 at 17:34, Ted Kaczmarek wrote:
> As it turned out there was a hidden character in one of my logging rules
> which was totally messing with my head :-)
> > > If anyone has a link or info that can steer me in the right
> > > direction the beers are on me at the Javits Center Linux show.
> > >
> > > Thanks,
> > > Ted
So no beer? ;^)
j