give multible ports a/o ips to iptables [fixed: problems with firehol...]

To: debian-firewall@lists.debian.org
Subject: give multible ports a/o ips to iptables [fixed: problems with firehol...]
From: Jonas Meurer <jonas@freesources.org>
Date: Wed, 1 Sep 2004 19:06:00 +0200
Message-id: <[🔎] 20040901170600.GE5636@resivo.mejo.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <20040831155147.GA9738@resivo.mejo.net>
References: <20040831155147.GA9738@resivo.mejo.net>

On 31/08/2004 Jonas Meurer wrote:
>         [...]
>         iptables -A INPUT -i eth0 -p tcp --dport 210 -j ACCEPT
>         iptables -A OUTPUT -o eth0 -p tcp --sport 210 -j ACCEPT
>         iptables -A INPUT -i eth0 -p tcp --dport 215 -j ACCEPT
>         iptables -A OUTPUT -o eth0 -p tcp --sport 215 -j ACCEPT
>         iptables -A INPUT -i eth0 -p tcp --dport 220 -j ACCEPT
>         iptables -A OUTPUT -o eth0 -p tcp --sport 220 -j ACCEPT
>         iptables -A INPUT -i eth0 -p tcp --dport 225 -j ACCEPT
>         iptables -A OUTPUT -o eth0 -p tcp --sport 225 -j ACCEPT
>         iptables -A INPUT -i eth0 -p tcp --dport 230 -j ACCEPT
>         iptables -A OUTPUT -o eth0 -p tcp --sport 230 -j ACCEPT
> 
> since some weeks, the ftp server doesn't respond to requests on ports
> except 21 and 215 any longer, and i've no glue what the problem could
> be.

now i found the problem: ftpd runs on two ips, 128.98 and 128.99.
for some reason, the iptables rules didn't open ports on all ips.

now i have
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.98 --dport 210 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.98 --sport 210 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.99 --dport 210 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.99 --sport 210 -j ACCEPT

        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.98 --dport 215 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.98 --sport 215 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.99 --dport 215 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.99 --sport 215 -j ACCEPT

        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.98 --dport 220 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.98 --sport 220 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.99 --dport 220 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.99 --sport 220 -j ACCEPT

        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.98 --dport 225 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.98 --sport 225 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.99 --dport 225 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.99 --sport 225 -j ACCEPT

        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.98 --dport 230 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.98 --sport 230 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp -d ??.??.128.99 --dport 230 -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp -d ??.??.128.99 --sport 230 -j ACCEPT

it really works like a charm, but is there any way to shorten this?
can i give multible ports and/or ips to iptables?

bye
 jonas

Reply to:

Follow-Ups:
- Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
  - From: Mike Mestnik <cheako911@yahoo.com>

Next by Date: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Next by thread: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Index(es):
- Date
- Thread