--sport

Linux Netfilter discussions
 help / color / mirror / Atom feed

* --sport
@ 2003-03-05 16:21 Patrick Ahler
  2003-03-05 16:36 ` --sport Sven Schuster
  2003-03-05 16:40 ` --sport Maciej Soltysiak
  0 siblings, 2 replies; 5+ messages in thread
From: Patrick Ahler @ 2003-03-05 16:21 UTC (permalink / raw)
  To: netfilter

1. Is there a way to specify a range of source ports when setting a rule. My
ftp server uses ports 5000-5020 for passive but I don't want to have to
write a rule for each port. (For a network firewall). The ftp server is
behind the firewall.

iptables -A FORWARD -p tcp --sport 5000 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: --sport
  2003-03-05 16:21 --sport Patrick Ahler
@ 2003-03-05 16:36 ` Sven Schuster
  2003-03-05 19:52   ` --sport Martin Josefsson
  2003-03-05 16:40 ` --sport Maciej Soltysiak
  1 sibling, 1 reply; 5+ messages in thread
From: Sven Schuster @ 2003-03-05 16:36 UTC (permalink / raw)
  To: Patrick Ahler, netfilter


What you need is the mport-match:

iptables -A FORWARD -p tcp -m mport --sport 5000:5020 -m state ...

Sven


Patrick Ahler wrote:

>1. Is there a way to specify a range of source ports when setting a rule. My
>ftp server uses ports 5000-5020 for passive but I don't want to have to
>write a rule for each port. (For a network firewall). The ftp server is
>behind the firewall.
>
>
>iptables -A FORWARD -p tcp --sport 5000 -m state --state
>NEW,ESTABLISHED,RELATED -j ACCEPT
>
>
>
>  
>



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: --sport
  2003-03-05 16:36 ` --sport Sven Schuster
@ 2003-03-05 19:52   ` Martin Josefsson
  2003-03-05 21:30     ` --sport Sven Schuster
  0 siblings, 1 reply; 5+ messages in thread
From: Martin Josefsson @ 2003-03-05 19:52 UTC (permalink / raw)
  To: Sven Schuster; +Cc: Patrick Ahler, Netfilter

On Wed, 2003-03-05 at 17:36, Sven Schuster wrote:
> What you need is the mport-match:
> 
> iptables -A FORWARD -p tcp -m mport --sport 5000:5020 -m state ...

mport is not needed for a simple range

-- 
/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: --sport
  2003-03-05 19:52   ` --sport Martin Josefsson
@ 2003-03-05 21:30     ` Sven Schuster
  0 siblings, 0 replies; 5+ messages in thread
From: Sven Schuster @ 2003-03-05 21:30 UTC (permalink / raw)
  To: Martin Josefsson; +Cc: Patrick Ahler, Netfilter


Yes I actually recognized it _after_ posting :-)

My mistake...


Martin Josefsson wrote:

>mport is not needed for a simple range
>



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: --sport
  2003-03-05 16:21 --sport Patrick Ahler
  2003-03-05 16:36 ` --sport Sven Schuster
@ 2003-03-05 16:40 ` Maciej Soltysiak
  1 sibling, 0 replies; 5+ messages in thread
From: Maciej Soltysiak @ 2003-03-05 16:40 UTC (permalink / raw)
  To: Patrick Ahler; +Cc: netfilter

> 1. Is there a way to specify a range of source ports when setting a rule. My
# iptables -p tcp --help

So use:

--sport 5000:5020

Regards,
Maciej



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2003-03-05 21:30 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-03-05 16:21 --sport Patrick Ahler
2003-03-05 16:36 ` --sport Sven Schuster
2003-03-05 19:52   ` --sport Martin Josefsson
2003-03-05 21:30     ` --sport Sven Schuster
2003-03-05 16:40 ` --sport Maciej Soltysiak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox