RE: Iptables config

To: "VERBEEK, Francois" <Francois.VERBEEK@BBL.BE>
Cc: "'debian-security@lists.debian.org'" <debian-security@lists.debian.org>
Subject: RE: Iptables config
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: 12 Apr 2002 14:10:48 +0200
Message-id: <[🔎] 1018613448.581.24.camel@zarniwoop>
In-reply-to: <[🔎] 3C96057600054084@sgvrs1.bbl.be> (added by postmaster@sgvrs1.bbl.be)
References: <[🔎] 3C96057600054084@sgvrs1.bbl.be> (added by postmaster@sgvrs1.bbl.be)

On Fri, 2002-04-12 at 13:27, VERBEEK, Francois wrote:
> BTW if you plan to use --dport you need rather a line like
> 
> iptables -A INPUT -p tcp -s 0/0 -m tcp --dport 22 -i $dev -j ACCEPT

-m tcp is not needed. See manpage:

MATCH EXTENSIONS
       iptables can use extended packet matching modules.  These are loaded in  two  ways:  implicitly,  when  -p  or
       --protocol is specified, or with the -m or --match options, followed by the matching module name; after these,
       various extra command line options become available, depending  on  the  specific  module.   You  can  specify
       multiple  extended  match  modules  in one line, and you can use the -h or --help options after the module has
       been specified to receive help specific to that module.

So the tcp extension is already implicitly loaded by using -p tcp.

-- 
Tot ziens,

Bart-Jan


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- RE: Iptables config
  - From: "VERBEEK, Francois" <Francois.VERBEEK@BBL.BE>

Prev by Date: RE: Iptables config
Next by Date: Re: Iptables config
Previous by thread: RE: Iptables config
Next by thread: Re: Iptables config
Index(es):
- Date
- Thread