Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]

To: Jonas Meurer <jonas@freesources.org>
Cc: debian-firewall@lists.debian.org
Subject: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
From: Jean Christophe André <jean-christophe.andre@auf.org>
Date: Thu, 2 Sep 2004 10:27:55 +0700
Message-id: <[🔎] 1094095675.4136933b9eb9a@secure.vn.auf.org>
In-reply-to: <[🔎] 20040901214422.GB11304@resivo.mejo.net>
References: <[🔎] 20040901170600.GE5636@resivo.mejo.net> <[🔎] 20040901203553.28672.qmail@web11906.mail.yahoo.com> <[🔎] 20040901214422.GB11304@resivo.mejo.net>

> On 01/09/2004 Mike Mestnik wrote:
> > There are several things you can do.  I would make a new table called
> > local_rules or something and put each "-p tcp --?port" rule in there.
> > Then it as easy as "-d ??.??.128.98 -j local_rules" and "-d ??.??.128.99
> > -j local_rules".

Selon Jonas Meurer <jonas@freesources.org>:
> wee, sounds very interesting, but how do i create this rule "local_rules"?

iptables -N local_rules
iptables -A local_rules ...

> > There is also "-m multiport "...
> > This  module  matches  a  set of source or destination ports.  Up to 15
> > ports can be specified.  It can only be used in conjunction with -p tcp or
> > -p udp.
> >        --source-ports port[,port[,port...]]
> >        --destination-ports port[,port[,port...]]
> >        --ports port[,port[,port...]]
> also interesting, but i really don't know how to use it.
> the manpage tells me that it's a module, so i have to load it into
> kernel, but afterwards?

Any module will be dynamicaly loaded as soon as you use "-m module".

iptables -A OUTPUT ... -m multiport --dports 210,215,220,225,230 ...

For your .98 & .99 problem, you may use something like this:
  iptables -A OUTPUT -d ???.???.128.98/255.255.255.254 ...
or like this (exactly the same in this case):
  iptables -A OUTPUT -d ???.???.128.98/31 ...

This only work for an even number and the next one (98 & 99),
but not for an odd number and the next one (99 & 100). This is
because of binary base logic (change only in the last bit).

There is also some good (translated) documentation here:
  http://www.iptables.org/documentation/
--
Jean Christophe André.
Agence universitaire de la Francophonie - Bureau Asie Pacifique

Reply to:

Follow-Ups:
- Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
  - From: Jonas Meurer <jonas@freesources.org>

References:
- give multible ports a/o ips to iptables [fixed: problems with firehol...]
  - From: Jonas Meurer <jonas@freesources.org>
- Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
  - From: Jonas Meurer <jonas@freesources.org>

Prev by Date: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Next by Date: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Previous by thread: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Next by thread: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Index(es):
- Date
- Thread