RE: Iptables config
On Fri, 2002-04-12 at 13:27, VERBEEK, Francois wrote:
> BTW if you plan to use --dport you need rather a line like
>
> iptables -A INPUT -p tcp -s 0/0 -m tcp --dport 22 -i $dev -j ACCEPT

-m tcp is not needed. See manpage:

MATCH EXTENSIONS
    iptables can use extended packet matching modules. These are loaded
    in two ways: implicitly, when -p or --protocol is specified, or with
    the -m or --match options, followed by the matching module name;
    after these, various extra command line options become available,
    depending on the specific module. You can specify multiple extended
    match modules in one line, and you can use the -h or --help options
    after the module has been specified to receive help specific to that
    module.

So the tcp extension is already implicitly loaded by using -p tcp.

--
See you,
Bart-Jan
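
An added example, not part of the original message or of iptables itself: a POSIX shell check that classifies rule arguments by the point made in this reply, namely whether a port match relies on the implicit load from -p or repeats it with -m. The function name `check_rule`, its verdict strings and the sample rules are hypothetical, and only tcp and udp are handled.

```shell
#!/bin/sh
# check_rule prints one verdict for a rule given as a flat argument string:
#   implicit  - port match relies on the module loaded implicitly by -p
#   redundant - "-m <proto>" repeats the module that -p already loaded
#   missing-p - port match with no -p tcp / -p udp, so no implicit load happens
#   no-port   - rule has no port match, nothing to check
# Assumption: arguments contain no shell glob characters or quoted spaces.
check_rule() {
    proto="" explicit="" port="" prev=""
    for arg in $1; do            # intentional word splitting
        case "$prev" in
            -p|--protocol) proto="$arg" ;;
            -m|--match)    explicit="$explicit $arg" ;;
        esac
        case "$arg" in
            --dport|--sport|--destination-port|--source-port) port=1 ;;
        esac
        prev="$arg"
    done

    if [ -z "$port" ]; then
        echo no-port
        return 0
    fi
    case "$proto" in
        tcp|udp) ;;
        *) echo missing-p; return 0 ;;
    esac
    # Is the protocol named by -p also listed among the explicit -m modules?
    case " $explicit " in
        *" $proto "*) echo redundant ;;
        *)            echo implicit ;;
    esac
}

# Constructed sample rules; eth0 stands in for the $dev of the quoted line.
while IFS= read -r rule; do
    printf '%-10s %s\n' "$(check_rule "$rule")" "$rule"
done <<'EOF'
-A INPUT -p tcp -s 0/0 -m tcp --dport 22 -i eth0 -j ACCEPT
-A INPUT -p tcp -s 0/0 --dport 22 -i eth0 -j ACCEPT
-A INPUT -s 0/0 --dport 22 -i eth0 -j ACCEPT
EOF
```
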