Linux Netfilter discussions
* --sport
@ 2003-03-05 16:21 Patrick Ahler
  2003-03-05 16:36 ` --sport Sven Schuster
  2003-03-05 16:40 ` --sport Maciej Soltysiak
  0 siblings, 2 replies; 5+ messages in thread
From: Patrick Ahler @ 2003-03-05 16:21 UTC (permalink / raw)
  To: netfilter

1. Is there a way to specify a range of source ports when setting a rule. My
ftp server uses ports 5000-5020 for passive but I don't want to have to
write a rule for each port. (For a network firewall). The ftp server is
behind the firewall.


iptables -A FORWARD -p tcp --sport 5000 -m state --state NEW,ESTABLISHED,RELATED \
    -j ACCEPT




* Re: --sport
  2003-03-05 16:21 --sport Patrick Ahler
@ 2003-03-05 16:36 ` Sven Schuster
  2003-03-05 19:52   ` --sport Martin Josefsson
  2003-03-05 16:40 ` --sport Maciej Soltysiak
  1 sibling, 1 reply; 5+ messages in thread
From: Sven Schuster @ 2003-03-05 16:36 UTC (permalink / raw)
  To: Patrick Ahler, netfilter


What you need is the mport-match:

iptables -A FORWARD -p tcp -m mport --sport 5000:5020 -m state ...

Sven


Patrick Ahler wrote:

>1. Is there a way to specify a range of source ports when setting a rule. My
>ftp server uses ports 5000-5020 for passive but I don't want to have to
>write a rule for each port. (For a network firewall). The ftp server is
>behind the firewall.




* Re: --sport
  2003-03-05 16:21 --sport Patrick Ahler
  2003-03-05 16:36 ` --sport Sven Schuster
@ 2003-03-05 16:40 ` Maciej Soltysiak
  1 sibling, 0 replies; 5+ messages in thread
From: Maciej Soltysiak @ 2003-03-05 16:40 UTC (permalink / raw)
  To: Patrick Ahler; +Cc: netfilter

> 1. Is there a way to specify a range of source ports when setting a rule. My
# iptables -p tcp --help

So use:

--sport 5000:5020

Regards,
Maciej



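The `lo:hi` syntax from the replies above, worked through as an added example that is not part of the thread. It builds the FORWARD rule for a passive-FTP data port range and validates the range first, since iptables only reports a bad range at rule-load time. The server address 192.0.2.10 and the 5000-5020 range are constructed for the example, and `IPTABLES` defaults to `echo iptables` so the script prints the rule instead of needing root and a netfilter-enabled kernel. One practitioner caveat: on a firewall in front of the server, the client connects *to* the server's passive ports, so the match that matters for NEW connections is `--dport` on the server's address; `--sport 5000:5020` uses the same syntax but the remote client chooses its own source port, so a rule should not key on source port alone.

```shell
#!/bin/sh
# Added example, not code from the thread: emit the FORWARD rule for a
# passive-FTP data port range using iptables' lo:hi port syntax
# (the thread's answer: --sport 5000:5020), after validating the range.
# Assumptions: server address 192.0.2.10 and range 5000-5020 are made up;
# IPTABLES defaults to "echo iptables" so the script prints the rule
# instead of needing root and a netfilter-enabled kernel.

IPTABLES=${IPTABLES:-"echo iptables"}

# is_port P: 0 if P is a decimal integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_port_range LO HI: 0 if both are ports and LO <= HI
valid_port_range() {
    is_port "$1" && is_port "$2" && [ "$1" -le "$2" ]
}

# ftp_data_rule SERVER LO HI: print (or run) one rule accepting new
# client->server connections to the server's passive data ports.
# The server's ports are the *destination* here; the client picks its
# own source port, so --sport alone is not something to trust.
ftp_data_rule() {
    server=$1; lo=$2; hi=$3
    if ! valid_port_range "$lo" "$hi"; then
        echo "ftp_data_rule: bad port range $lo:$hi" >&2
        return 1
    fi
    # One rule covers the whole range: --dport (and --sport) accept lo:hi.
    $IPTABLES -A FORWARD -p tcp -d "$server" --dport "$lo:$hi" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

ftp_data_rule 192.0.2.10 5000 5020
```

Run it as-is to see the rule printed; set `IPTABLES=iptables` and run as root to install it. Return traffic from the server's range is covered by ESTABLISHED, so no separate `--sport` rule is needed for that direction.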

* Re: --sport
  2003-03-05 16:36 ` --sport Sven Schuster
@ 2003-03-05 19:52   ` Martin Josefsson
  2003-03-05 21:30     ` --sport Sven Schuster
  0 siblings, 1 reply; 5+ messages in thread
From: Martin Josefsson @ 2003-03-05 19:52 UTC (permalink / raw)
  To: Sven Schuster; +Cc: Patrick Ahler, Netfilter

On Wed, 2003-03-05 at 17:36, Sven Schuster wrote:
> What you need is the mport-match:
> 
> iptables -A FORWARD -p tcp -m mport --sport 5000:5020 -m state ...

mport is not needed for a simple range

-- 
/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.



* Re: --sport
  2003-03-05 19:52   ` --sport Martin Josefsson
@ 2003-03-05 21:30     ` Sven Schuster
  0 siblings, 0 replies; 5+ messages in thread
From: Sven Schuster @ 2003-03-05 21:30 UTC (permalink / raw)
  To: Martin Josefsson; +Cc: Patrick Ahler, Netfilter


Yes I actually recognized it _after_ posting :-)

My mistake...


Martin Josefsson wrote:

>mport is not needed for a simple range



