* --dport/--sport clarification
@ 2005-01-31 21:45 R. DuFresne
2005-01-31 21:53 ` Jason Opperisano
2005-01-31 22:00 ` Samuel Jean
0 siblings, 2 replies; 3+ messages in thread
From: R. DuFresne @ 2005-01-31 21:45 UTC (permalink / raw)
To: netfilter
ipfwadm and I believe ipchains allowed port ranges, as in 135:139. Does
this work the same with --dport/--sport? My reading indicates the list or
'range' requires that the ports be a comma separated list, rather than the
ole 'range' option of old.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as its accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robbins <Still Life With Woodpecker>
* Re: --dport/--sport clarification
From: Jason Opperisano @ 2005-01-31 21:53 UTC (permalink / raw)
To: netfilter
On Mon, Jan 31, 2005 at 04:45:52PM -0500, R. DuFresne wrote:
> ipfwadm and I believe ipchains allowed port ranges, as in 135:139. Does
> this work the same with --dport/--sport? My reading indicates the list or
> 'range' requires that the ports be a comma separated list, rather than the
> ole 'range' option of old.
both --sport and --dport support the port[:port] syntax (this is in the
man page of iptables). the comma-separated list syntax is a feature of
the multiport/mport matches. multiport only supports a comma-separated
list of single ports, while mport supports a comma separated list of
single ports or ranges (where ranges eat up two values). both multiport
and mport have an element max of 15.
i.e., all of the following are valid:
Syntax                               Ports
---------------------------------------------------------------------
--dport 137:139                      137 - 139
--sport 1:1023                       1 - 1024
--sport 1024:                        1024 - 65535
-m multiport --dports 80,443         80 and 443
-m mport --dports 21:23,80,443       21, 22, 23, 80 and 443
HTH...
-j
--
"Me lose brain? Uh, oh! Ha ha ha! Why I laugh?"
--The Simpsons
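
Added example, not part of the original thread or of iptables itself: a POSIX shell helper that applies the slot accounting described in the message above (15 elements per match, a lo:hi range counting as two) to split a long port list into rules. The function names, the constructed sample list and the rejection of open-ended ranges are assumptions; the script only prints rules and installs nothing.

```shell
#!/bin/sh
# Added example (not from the thread): split a port list into groups that fit
# the 15-element limit, counting a lo:hi range as two elements.
MAX_SLOTS=15

# slot_cost SPEC: prints 1 for a single port, 2 for lo:hi; fails if invalid.
# Open-ended ranges such as "1024:" are rejected here (assumption).
slot_cost() {
    case "$1" in
        *:*) lo=${1%%:*}; hi=${1#*:}; cost=2 ;;
        *)   lo=$1; hi=$1; cost=1 ;;
    esac
    for p in "$lo" "$hi"; do
        case "$p" in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ] || return 1
    echo "$cost"
}

# chunk_ports LIST: prints one comma-separated group per line.
chunk_ports() {
    group='' used=0
    set -f; old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs; set +f
    for spec in "$@"; do
        cost=$(slot_cost "$spec") || { echo "bad port spec: $spec" >&2; return 1; }
        if [ $((used + cost)) -gt "$MAX_SLOTS" ]; then
            echo "$group"; group='' used=0
        fi
        group=${group:+$group,}$spec
        used=$((used + cost))
    done
    [ -n "$group" ] && echo "$group"
    return 0
}

# emit_rules CHAIN PROTO LIST TARGET: prints rules, does not install them.
emit_rules() {
    groups=$(chunk_ports "$3") || return 1
    for g in $groups; do
        case "$g" in *:*) match=mport ;; *) match=multiport ;; esac
        echo "iptables -A $1 -p $2 -m $match --dports $g -j $4"
    done
}

# Constructed sample: 3 ranges (6 slots) + 10 single ports = 16 slots, so two rules.
emit_rules INPUT tcp 21:23,137:139,6000:6010,25,53,80,110,143,443,465,587,993,995 ACCEPT
```

Groups that contain a range are emitted with -m mport and groups of single ports with -m multiport, following the distinction drawn in the message above.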
* Re: --dport/--sport clarification
From: Samuel Jean @ 2005-01-31 22:00 UTC (permalink / raw)
To: R. DuFresne; +Cc: netfilter
R. DuFresne wrote:
> ipfwadm and I believe ipchains allowed port ranges, as in 135:139. Does
> this work the same with --dport/--sport? My reading indicates the list or
> 'range' requires that the ports be a comma separated list, rather than the
> ole 'range' option of old.
No, it still stands in iptables.
--sport 80:5000 is allowed.
However, --sports (which is an option to multiport or mport matches) does take
a list of ports.
--sports 22,80,25,110,...
>
> Thanks,
>
>
> Ron DuFresne
Did I misunderstand your question?
Samuel