[Dshield] Configuring iptables; need favorite port lists
ksmith at chartwelltechnology.com
Wed Jun 18 16:39:06 GMT 2003
I'm no IPTables expert, but can't you do a port range instead of
iptables -A INPUT -p tcp --dport 1024:5000
My understanding is this will cover all ports between 1024 and 5000.
On Wed, 2003-06-18 at 04:08, John Sage wrote:
> On Tue, Jun 17, 2003 at 05:59:03PM -0700, Kenneth Porter wrote:
> > --On Tuesday, June 17, 2003 1:00 PM -0700 John Sage <jsage at finchhaven.com>
> > wrote:
> > > Unfortunately, iptables seems to be limited to lists of <=15 ports in
> > > a statement, so I need a brief list of "most interesting".
> > You could use one of the iptables "script builders" (fwbuilder comes to mind)
> > to generate an initial script.
> > fwbuilder is GUI-based, uses XML for its files, and you can add your own port
> > descriptions. You can't import an iptables script, though, so editing the
> > output is one-way.
> Well, my firewall doesn't run X, so I can't be GUI, and I've never
> been a fan of script-built firewalls.
> This one's hand-crafted via good ol' emacs :-/
> As far as the <=15 ports per statement, I'm just adding a second
> statement, so I'm up to 30...
> - John
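
An added example, not part of the thread: a shell function that combines the two approaches discussed above by splitting a long port list into multiport rules of at most 15 slots each, counting a `lo:hi` range as two slots, which is how the multiport match counts it. The function name, the `DROP` target and the sample port list are assumptions made for illustration; the script only prints the rules and never runs iptables.

```shell
#!/bin/sh
# Added example: prints rules only, never calls iptables.
MAX_SLOTS=15   # multiport limit per rule; a lo:hi range uses two slots

# Print one rule for the current batch (reads the caller's variables).
emit_rule() {
    printf 'iptables -A %s -p %s -m multiport --dports %s -j %s\n' \
        "$chain" "$proto" "$batch" "$target"
}

# gen_multiport_rules CHAIN PROTO TARGET PORT_OR_RANGE...
gen_multiport_rules() {
    chain=$1 proto=$2 target=$3
    shift 3
    batch="" slots=0
    for spec in "$@"; do
        # Accept only N or LO:HI made of digits.
        case $spec in
            ''|*[!0-9:]*|:*|*:|*:*:*)
                echo "bad port spec: $spec" >&2; return 1 ;;
        esac
        lo=${spec%%:*} hi=${spec##*:}
        if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
        case $spec in *:*) cost=2 ;; *) cost=1 ;; esac
        # Start a new rule when this entry would exceed the limit.
        if [ $((slots + cost)) -gt "$MAX_SLOTS" ]; then
            emit_rule
            batch="" slots=0
        fi
        batch=${batch:+$batch,}$spec
        slots=$((slots + cost))
    done
    if [ -n "$batch" ]; then emit_rule; fi
}

# Constructed sample list: 17 single ports plus the 1024:5000 range from the thread.
gen_multiport_rules INPUT tcp DROP \
    21 22 23 25 53 80 110 111 135 137 139 143 443 445 993 995 1433 1024:5000
```
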