From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stef Coene
Date: Wed, 16 Apr 2003 16:41:11 +0000
Subject: Re: [LARTC] how can i filter for a range of ports?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Wednesday 16 April 2003 13:14, Mattias Ahnberg wrote:
> >> "AS" = Adam Schrader writes:
>
> AS> how can I filter for a range of ports? I have seen people use
> AS> 1024:32000 when saying from port 1024 to 32000 but tc doesn't
> AS> accept this? can somebody tell me how I can do this? -thanks
>
> iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
>
> Should do what you want. iptables is very limited in defining ranges,
> multiple hosts and similar ranges compared to ipfw2. I hope this will
> change sometime in the future since it would highly simplify the
> definitions of large rulesets.

There is an iptables patch to do this:
http://www.netfilter.org/documentation/pomlist/pom-base.html#mport

Example:
iptables -A FORWARD -p tcp -m mport --ports 23:42,65

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
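
Added example, not part of the original thread or any poster's code: tc's u32 classifier compares a header field against a value under a bit mask, which is why it has no `1024:32000` syntax, so a port range has to be split into aligned value/mask blocks. The sketch below does that split and renders one filter per block; the device `eth0`, parent `1:0` and flowid `1:10` are placeholder assumptions.

```python
"""Split a port range into value/mask pairs for tc's u32 classifier."""

FULL = 0xFFFF  # TCP/UDP ports are 16 bits wide


def range_to_masks(lo, hi):
    """Return (value, mask) pairs that together cover lo..hi inclusive."""
    if not 0 <= lo <= hi <= FULL:
        raise ValueError("need 0 <= lo <= hi <= 65535")
    pairs = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = (lo & -lo) if lo else FULL + 1
        # ... shrunk until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        pairs.append((lo, FULL & ~(size - 1)))
        lo += size
    return pairs


def matches(port, pairs):
    """Apply the value/mask test: (field & mask) == value."""
    return any((port & mask) == value for value, mask in pairs)


def tc_filters(lo, hi, dev="eth0", parent="1:0", flowid="1:10"):
    """Render one u32 filter per pair; dev/parent/flowid are placeholders."""
    return [
        f"tc filter add dev {dev} parent {parent} protocol ip prio 1 "
        f"u32 match ip dport {value} 0x{mask:04x} flowid {flowid}"
        for value, mask in range_to_masks(lo, hi)
    ]


if __name__ == "__main__":
    # The range from the question: ports 1024 to 32000.
    for line in tc_filters(1024, 32000):
        print(line)
```

Each pair becomes one filter, so the 1024:32000 range from the question needs ten of them, while 1024:65535 needs six.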