Re: a doubt about INPUT rule

Re: a doubt about INPUT rule

[Ralf Spenneberg]

Am Don, 2003-08-14 um 08.46 schrieb Payal Rathod:
> # iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> and this,
> 
> # iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
--dport requires the definition of a protocol beforehand. It is only
defined when the protocol is either udp or tcp. Omitting the protocol or
using all does not work because icmp, esp, ah, etc. do not have a port.

> # iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
Like I said.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org

Re: a doubt about INPUT rule

[anantharaman.iyer]

hi,

when you are using implicit matching syntax such as "--dport" or "--sport", 
then you have to specify the specific protocol. There are currently three 
types of implicit matches for three different protocols. These are TCP 
matches, UDP matches and ICMP matches. The TCP based matches contain a set 
of unique criteria that are available only for TCP packets. UDP based 
matches contain another set of criteria that are available only for UDP 
packets. And the same thing for ICMP packets. Hence you have to use the 
option "-p tcp" or "-p udp" when you want to use it with "--dport" option. 
hope that explains ur doubt. 

Regards
Iyer Anantharaman

On Thu, 14 Aug 2003 12:16:10 +0530, Payal Rathod wrote
> Hi,
> Why does this give an error,
> 
> # iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> and this,
> 
> # iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> But this works,
> 
> # iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> 
> Why does it not work without -p and even with -p tcp?
> 
> With warm regards,
> -Payal
> 
> -- 
> "Visit GNU/Linux Success Stories"
> http://payal.staticky.com
> Guest-Book Section Updated.



--
Open WebMail Project (http://openwebmail.org)

Re: a doubt about INPUT rule

[anantharaman.iyer]

hi,

when you are using implicit matching syntax such as "--dport" or "--sport", 
then you have to specify the specific protocol. There are currently three 
types of implicit matches for three different protocols. These are TCP 
matches, UDP matches and ICMP matches. The TCP based matches contain a set 
of unique criteria that are available only for TCP packets. UDP based 
matches contain another set of criteria that are available only for UDP 
packets. And the same thing for ICMP packets. Hence you have to use the 
option "-p tcp" or "-p udp" when you want to use it with "--dport" option. 
hope that explains ur doubt. 

Regards
Iyer Anantharaman

On Thu, 14 Aug 2003 12:16:10 +0530, Payal Rathod wrote
> Hi,
> Why does this give an error,
> 
> # iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> and this,
> 
> # iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> But this works,
> 
> # iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> 
> Why does it not work without -p and even with -p tcp?
> 
> With warm regards,
> -Payal
> 
> -- 
> "Visit GNU/Linux Success Stories"
> http://payal.staticky.com
> Guest-Book Section Updated.



--
Open WebMail Project (http://openwebmail.org)

Re: a doubt about INPUT rule

[anantharaman.iyer]

hi,

when you are using implicit matching syntax such as "--dport" or "--sport", 
then you have to specify the specific protocol. There are currently three 
types of implicit matches for three different protocols. These are TCP 
matches, UDP matches and ICMP matches. The TCP based matches contain a set 
of unique criteria that are available only for TCP packets. UDP based 
matches contain another set of criteria that are available only for UDP 
packets. And the same thing for ICMP packets. Hence you have to use the 
option "-p tcp" or "-p udp" when you want to use it with "--dport" option. 
hope that explains ur doubt. 

Regards
Iyer Anantharaman

On Thu, 14 Aug 2003 12:16:10 +0530, Payal Rathod wrote
> Hi,
> Why does this give an error,
> 
> # iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> and this,
> 
> # iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> But this works,
> 
> # iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> 
> Why does it not work without -p and even with -p tcp?
> 
> With warm regards,
> -Payal
> 
> -- 
> "Visit GNU/Linux Success Stories"
> http://payal.staticky.com
> Guest-Book Section Updated.



--
Open WebMail Project (http://openwebmail.org)

a doubt about INPUT rule

[Payal Rathod]

Hi,
Why does this give an error,

# iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
iptables v1.2.7a: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

and this,

# iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
iptables v1.2.7a: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

But this works,

# iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT

Why does it not work without -p and even with -p tcp?

With warm regards,
-Payal



-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.

Re: a doubt about INPUT rule

[Ralf Spenneberg]

Am Fre, 2003-08-15 um 18.46 schrieb Payal Rathod:
> On Wed, Aug 13, 2003 at 09:22:25AM +0200, Ralf Spenneberg wrote:
> > --dport requires the definition of a protocol beforehand. It is only
> > defined when the protocol is either udp or tcp. Omitting the protocol or
> > using all does not work because icmp, esp, ah, etc. do not have a port.
> 
> Ok. Got it now. Thanks a lot Ralf for the excellent mails so far.
> 
> > Book: Intrusion Detection f?r Linux Server   http://www.spenneberg.com
> 
> Why is this ? in "f?r Linux Server"
It is the german word fuer. ue is a german umlaut. One character spelled
Ü.
This is a german book I wrote last year. You will find several chapters
online. But they are german because so far I have not found an
english/american publisher willing to publish it.


Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org

Re: a doubt about INPUT rule

[Payal Rathod]

On Wed, Aug 13, 2003 at 09:22:25AM +0200, Ralf Spenneberg wrote:
> --dport requires the definition of a protocol beforehand. It is only
> defined when the protocol is either udp or tcp. Omitting the protocol or
> using all does not work because icmp, esp, ah, etc. do not have a port.

Ok. Got it now. Thanks a lot Ralf for the excellent mails so far.

> Book: Intrusion Detection f?r Linux Server   http://www.spenneberg.com

Why is this ? in "f?r Linux Server"

With warm regards,
-Payal

-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.