* [LARTC] how can i filter for a range of ports?
@ 2003-04-14 10:00 Adam Schrader
2003-04-14 10:19 ` Catalin BOIE
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Adam Schrader @ 2003-04-14 10:00 UTC (permalink / raw)
To: lartc
How can I filter for a range of ports? I have seen people use 1024:32000 when saying from port 1024 to 32000 but tc doesn't accept this? Can somebody tell me how I can do this? -thanks
* Re: [LARTC] how can i filter for a range of ports?
From: Catalin BOIE @ 2003-04-14 10:19 UTC (permalink / raw)
To: lartc
On Mon, 14 Apr 2003, Adam Schrader wrote:
> how can i filter for a range of ports? I have seen people use 1024:32000
> when saying from port 1024 to 32000 but tc doesnt accept this? can
> somebody tell me how i can do this? -thanks
You cannot easily do this, but there is a solution:
You can use a mask != 0xffff for ports.
Very probably you must use several lines to cover whole range.
So, as an example, for 1024 -> 1279 (1024 + 256 - 1) you can use
match tcp sport 1024 0xff00.
For 4096 -> 65535 you can use:
match tcp sport 4096 0xf000
I think you get the idea.
Or you can just use marking.
---
Catalin(ux) BOIE
catab@deuroconsult.ro
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
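The mask approach from the reply above, generalized to any port range, as an added example that is not code from the thread. A single value/mask pair covers one aligned power-of-two block of ports, so the function splits a range into the pairs it needs; `match ip sport`/`match ip dport` are used as the u32 selectors, and the device, parent, prio and flowid values are assumed placeholders.

```shell
#!/bin/sh
# Split an inclusive port range into value/mask pairs for a u32 16-bit match.
# Each pair covers one power-of-two sized block whose start is a multiple of
# its size, which is the only shape a single value/mask compare can express.
port_range_to_masks() {
    lo=$1; hi=$2
    if [ "$lo" -lt 0 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "invalid port range: $lo-$hi" >&2
        return 1
    fi
    while [ "$lo" -le "$hi" ]; do
        size=1
        # Grow the block while it stays aligned at $lo and inside the range.
        while [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        mask=$(( 65535 & ~(size - 1) ))
        printf '%d 0x%04x\n' "$lo" "$mask"
        lo=$(( lo + size ))
    done
}

# Print (not run) one tc filter per block. DEV, PARENT, PRIO and FLOWID are
# assumed placeholders; "ip sport"/"ip dport" read the port at the fixed
# offset of an option-less IPv4 header, and protocol 6 limits it to TCP.
tc_range_filters() {
    field=$1   # sport or dport
    port_range_to_masks "$2" "$3" | while read -r value mask; do
        echo "tc filter add dev ${DEV:-eth0} parent ${PARENT:-1:0}" \
             "protocol ip prio ${PRIO:-10} u32" \
             "match ip protocol 6 0xff" \
             "match ip $field $value $mask flowid ${FLOWID:-1:10}"
    done
}

# The range from the original question: prints ten filter commands.
tc_range_filters sport 1024 32000
```

Review the printed commands before applying them; when a range splits into many blocks, marking the packets with iptables and classifying on the mark keeps the filter list shorter.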
* Re: [LARTC] how can i filter for a range of ports?
From: Mattias Ahnberg @ 2003-04-16 11:14 UTC (permalink / raw)
To: lartc
>> "AS" = Adam Schrader <schrader2k2@yahoo.com> writes:
AS> how can i filter for a range of ports? I have seen people use
AS> 1024:32000 when saying from port 1024 to 32000 but tc doesnt
AS> accept this? can somebody tell me how i can do this? -thanks
iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
Should do what you want. iptables is very limited in defining ranges,
multiple hosts and similar ranges compared to ipfw2. I hope this will
change sometime in the future since it would highly simplify the
definitions of large rulesets.
/ahnberg.
* Re: [LARTC] how can i filter for a range of ports?
From: Stef Coene @ 2003-04-16 16:41 UTC (permalink / raw)
To: lartc
On Wednesday 16 April 2003 13:14, Mattias Ahnberg wrote:
> >> "AS" = Adam Schrader <schrader2k2@yahoo.com> writes:
>
> AS> how can i filter for a range of ports? I have seen people use
> AS> 1024:32000 when saying from port 1024 to 32000 but tc doesnt
> AS> accept this? can somebody tell me how i can do this? -thanks
>
> iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
>
> Should do what you want. iptables is very limited in defining ranges,
> multiple hosts and similar ranges compared to ipfw2. I hope this will
> change sometime in the future since it would highly simplify the
> definitions of large rulesets.
There is an iptables patch to do this:
http://www.netfilter.org/documentation/pomlist/pom-base.html#mport
Example:
iptables -A FORWARD -p tcp -m mport --ports 23:42,65
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net