Linux Netfilter discussions
From: Roy Sigurd Karlsbakk <roy@karlsbakk.net>
To: Bob Sully <rcs@malibyte.net>
Cc: "james.Q.L" <shijialeeee@yahoo.ca>, netfilter@lists.netfilter.org
Subject: Re: Propert IPTABLES Configuration
Date: Sat, 07 Dec 2002 12:57:28 +0100
Message-ID: <3DF1E228.60804@karlsbakk.net>
In-Reply-To: Pine.LNX.4.44.0212062220210.30331-100000@firefox.malibyte.net

Bob Sully wrote:

>Hey guys...I used to run a CS server on one of my machines.  This worked 
>for me:
>
>        # GAMES
>        # Half-Life/CounterStrike
>        #
>
>        if [ $HALF_LIFE -gt 0 ]; then
>
>            iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
>        --sport 27000:27050 --dport $UNPRIVPORTS -s $EXTERNAL_IP -d \
>        $ANYWHERE -j ACCEPT
>
>            iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
>        --sport $UNPRIVPORTS --dport 27000:27050 -s $ANYWHERE -d \
>        $EXTERNAL_IP -j ACCEPT
>
>            if [ $VERBOSE -gt 0 ]; then
>                echo "firewall: Half-Life/CounterStrike ports enabled"
>            fi
>
>        fi
>
>where:
>
>$EXTERNAL_INTERFACE = eth0 in my case
>$EXTERNAL_IP = obvious
>$UNPRIVPORTS = 1024:65535
>$ANYWHERE = any/0
>  
>
sure, but you'd better use -m state --state RELATED,ESTABLISHED[,NEW]?
instead of --sport $UNPRIVPORTS, as the former is stateful.

roy
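
The stateful form suggested in the reply above, applied to the quoted Half-Life rules, as an added example that is not part of the original thread. The function name, the IPT dry-run wrapper and the 192.0.2.10 address are constructed for illustration; it assumes the server only answers flows that clients open.

```shell
#!/bin/sh
# Added example: the quoted rules rewritten to match on connection state
# instead of on the peer's source port range.

# Dry run by default: commands are printed, not executed. Set IPT=iptables
# (as root) to apply them. $IPT is left unquoted on purpose so that
# "echo iptables" splits into two words.
IPT="${IPT:-echo iptables}"

# Constructed sample values; 192.0.2.10 is a documentation address.
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
EXTERNAL_IP="${EXTERNAL_IP:-192.0.2.10}"
GAME_PORTS="27000:27050"

# Usage: halflife_stateful_rules [OUTPUT_STATES]
# OUTPUT_STATES defaults to ESTABLISHED (replies only). Pass
# NEW,ESTABLISHED if the server itself must start outbound flows from the
# game ports; that is the optional ",NEW" in the reply.
halflife_stateful_rules() {
    out_states="${1:-ESTABLISHED}"

    # Inbound: clients may open new flows to the game ports, and packets of
    # flows conntrack already tracks are accepted. No --sport test: the
    # client's source port is chosen by the client and proves nothing.
    $IPT -A INPUT -i "$EXTERNAL_INTERFACE" -p udp \
        -d "$EXTERNAL_IP" --dport "$GAME_PORTS" \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Outbound: packets from the game ports pass only when they belong to a
    # flow the state table has seen, not merely because of a port range.
    $IPT -A OUTPUT -o "$EXTERNAL_INTERFACE" -p udp \
        -s "$EXTERNAL_IP" --sport "$GAME_PORTS" \
        -m state --state "$out_states" -j ACCEPT
}

# Print the two rules for review.
halflife_stateful_rules
```

On current systems the same match is written `-m conntrack --ctstate`; `-m state --state` is kept here because it is the form used in the thread.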
