From: "K.A.Rochstad"
Subject: miscellaneous questions (iptables v1.2.6a)
Date: Wed, 4 Dec 2002 19:35:06 +0100
To: netfilter@lists.netfilter.org

Hello.

I have 2 questions about this edition of netfilter (iptables 1.2.6).

When I use:

    iptables -A OUTPUT -o $INTERNET -p tcp -s $IPADDR -sport $UNPRIVPORTS -dport 113 -j ACCEPT

I get this error:

    iptables v.1.2.6a: invalid TCP port/service '-d' specified.
    Try 'iptables -h' or 'iptables -help' for more information.

I get this error in connection with -dport 53 too (with -p UDP).

Q1:
Is it not possible to make more restrictions between the SOA DNS and a client?
Now all protocols are allowed on all ports, because -sport and -dport were not permitted in connection with port 53.

On the other hand, it is no problem to make rules for a local DNS forward server on port 53.

Q2:
How to configure correct rules for these ports?

Thank you for your time and advice.

Karl
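For Q2, an added example (not from the original mail or the netfilter project): a small POSIX shell script that emits stateless DNS-client and ident-client rules using the double-dash --sport/--dport forms that iptables expects, and checks that no single-dash port option slipped in. The interface, the host address and the name server address are assumed placeholders.

```shell
#!/bin/sh
# Added example, not the poster's or the netfilter project's code.
# The functions only print iptables commands so the rules can be reviewed
# (or piped to sh as root) before anything is applied.
INTERNET="${INTERNET:-eth0}"           # assumed external interface
IPADDR="${IPADDR:-192.0.2.10}"         # assumed own address (documentation range)
NAMESERVER="${NAMESERVER:-192.0.2.53}" # assumed DNS server (documentation range)
UNPRIVPORTS="1024:65535"               # iptables port-range syntax

# Rules for talking to one specific name server: UDP for normal lookups and
# TCP for answers too large for a datagram. Replies are accepted only from
# that server's port 53 back to our unprivileged ports; the TCP reply rule
# carries "! --syn" so the server cannot open a new connection to us.
dns_client_rules() {
    for proto in udp tcp; do
        printf 'iptables -A OUTPUT -o %s -p %s -s %s --sport %s -d %s --dport 53 -j ACCEPT\n' \
            "$INTERNET" "$proto" "$IPADDR" "$UNPRIVPORTS" "$NAMESERVER"
    done
    printf 'iptables -A INPUT -i %s -p udp -s %s --sport 53 -d %s --dport %s -j ACCEPT\n' \
        "$INTERNET" "$NAMESERVER" "$IPADDR" "$UNPRIVPORTS"
    printf 'iptables -A INPUT -i %s -p tcp ! --syn -s %s --sport 53 -d %s --dport %s -j ACCEPT\n' \
        "$INTERNET" "$NAMESERVER" "$IPADDR" "$UNPRIVPORTS"
}

# Outgoing ident (port 113) queries to any host; replies only on an
# already-open TCP connection.
ident_client_rules() {
    printf 'iptables -A OUTPUT -o %s -p tcp -s %s --sport %s --dport 113 -j ACCEPT\n' \
        "$INTERNET" "$IPADDR" "$UNPRIVPORTS"
    printf 'iptables -A INPUT -i %s -p tcp ! --syn --sport 113 -d %s --dport %s -j ACCEPT\n' \
        "$INTERNET" "$IPADDR" "$UNPRIVPORTS"
}

# Guard against the mistake in the question: a port option written with a
# single dash. Returns 0 when every generated rule uses --sport/--dport.
check_port_flags() {
    { dns_client_rules; ident_client_rules; } | grep -Eq '(^|[^-])-(sport|dport)' && return 1
    return 0
}
```

Run `dns_client_rules; ident_client_rules` to see the rules, and pipe that output to `sh` as root to load them.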