Linux Netfilter discussions
From: "Jörg Harmuth" <harmuth@mnemon.de>
To: netfilter@lists.netfilter.org
Subject: Re: iptables rules
Date: Thu, 15 Sep 2005 17:33:44 +0200
Message-ID: <43299458.1000205@mnemon.de>
In-Reply-To: <1126797736.4790.24.camel@ndspc131.p.n-dsi.com>

For the sake of completeness :)

Peggy Kam wrote:
> Hi,
> 
> I have defined the following firewall rule in iptables:
> 
> iptables -I FORWARD -s 192.168.22.102 -d 192.168.1.112 -p tcp -m tcp -m
> multiport --ports 22,23,24,25 -j ACCEPT
> 
> Why were the packets able to get to 192.168.1.112 on port 22 when the
> packets do not even come from ports 22,23,24 or 25?

man iptables:

multiport

...

       --ports [!] port[,port[,port:port...]]
               Match if either the source or destination ports
               are equal to one of the given ports.

So, this is expected behavior, provided that there are no other rules
in the way.

HTH,

Joerg
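
The behavior quoted from the man page, as an added example that is not part of the original message: a simplified Python model of the three multiport options, run over constructed packets. It models ports only (the rule's -s/-d address matches and the `!` inversion are left out), and the names `Packet`, `parse_ports` and `multiport_match` are hypothetical.

```python
# Simplified model of the multiport port options; not the kernel's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    sport: int  # TCP source port
    dport: int  # TCP destination port


def parse_ports(spec):
    """Parse 'port[,port[,port:port...]]' into inclusive (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.partition(":")
        lo, hi = int(low), int(high or low)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {item!r}")
        ranges.append((lo, hi))
    return ranges


def multiport_match(option, spec, pkt):
    """Return True if pkt satisfies '-m multiport <option> <spec>'."""
    ranges = parse_ports(spec)

    def hit(port):
        return any(lo <= port <= hi for lo, hi in ranges)

    if option == "--sports":   # source port only
        return hit(pkt.sport)
    if option == "--dports":   # destination port only
        return hit(pkt.dport)
    if option == "--ports":    # either side is enough
        return hit(pkt.sport) or hit(pkt.dport)
    raise ValueError(f"unknown option: {option}")


if __name__ == "__main__":
    spec = "22,23,24,25"  # port list from the rule in the question
    # Constructed sample packets: (description, packet)
    samples = [
        ("client -> ssh, ephemeral source port", Packet(51514, 22)),
        ("traffic sourced from port 22", Packet(22, 51514)),
        ("client -> http", Packet(51514, 80)),
    ]
    for desc, pkt in samples:
        results = {o: multiport_match(o, spec, pkt)
                   for o in ("--ports", "--sports", "--dports")}
        print(f"{desc:40} {results}")
```

The first sample is the case from the question: the source port is not in the list, but the destination port 22 is, so `--ports` matches. Restricting the rule to one direction means using `--dports` or `--sports` instead.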


