[Dshield] Configuring iptables; need favorite port lists

Kenton Smith ksmith at chartwelltechnology.com
Wed Jun 18 16:39:06 GMT 2003


I'm no IPTables expert, but can't you do a port range instead of
individual ports?

iptables -A INPUT -p tcp --dport 1024:5000

My understanding is this will cover all ports between 1024 and 5000.

Kenton

On Wed, 2003-06-18 at 04:08, John Sage wrote:
> On Tue, Jun 17, 2003 at 05:59:03PM -0700, Kenneth Porter wrote:
> > --On Tuesday, June 17, 2003 1:00 PM -0700 John Sage <jsage at finchhaven.com>
> > wrote:
> > 
> > > Unfortunately, iptables seems to be limited to lists of <=15 ports in
> > > a statement, so I need a brief list of "most interesting".
> > 
> > You could use one of the iptables "script builders" (fwbuilder comes to mind)
> > to generate an initial script.
> > 
> > fwbuilder is GUI-based, uses XML for its files, and you can add your own port
> > descriptions. You can't import an iptables script, though, so editing the
> > output is one-way.
> 
> hrm..
> 
> Well, my firewall doesn't run X, so I can't be GUI, and I've never
> been a fan of script-built firewalls.
> 
> This one's hand-crafted via good ol' emacs :-/
> 
> As far as the <=15 ports per statement, I'm just adding a second
> statement, so I'm up to 30...
> 
> 
> - John
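
Added example, not part of the original messages: a shell sketch that combines the two points in this thread, the 15-port limit per statement and lo:hi ranges, by packing a port list into as few multiport rules as possible. It assumes an iptables whose multiport match accepts ranges and counts each range as two of the 15 ports; the port list is constructed and the LOG target is an assumption, since the thread names neither.

```shell
#!/bin/sh
# Added example: pack ports and lo:hi ranges into multiport rules.
# Per iptables-extensions(8), multiport takes up to 15 ports per rule
# and a range counts as two of them.
MAX_SLOTS=15

# Constructed sample list, not a recommendation from the thread.
SAMPLE_PORTS="21 22 23 25 53 80 110 111 135 137:139 143 443 445 1433 1434 3306 3389 6000:6063"

# valid_spec SPEC: succeed for PORT or LO:HI within 0..65535, LO <= HI.
valid_spec() {
    case $1 in
        ''|*[!0-9:]*|:*|*:|*:*:*) return 1 ;;
    esac
    lo=${1%%:*} hi=${1##*:}
    [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# print_rule CHAIN PROTO TARGET LIST: print one command (never runs iptables).
print_rule() {
    printf 'iptables -A %s -p %s -m multiport --dports %s -j %s\n' \
        "$1" "$2" "$4" "$3"
}

# emit_rules CHAIN PROTO TARGET SPEC...: one rule per chunk of <= 15 slots.
emit_rules() {
    chain=$1 proto=$2 target=$3
    shift 3
    list='' slots=0
    for spec in "$@"; do
        valid_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        case $spec in *:*) cost=2 ;; *) cost=1 ;; esac
        if [ $((slots + cost)) -gt "$MAX_SLOTS" ]; then
            print_rule "$chain" "$proto" "$target" "$list"
            list='' slots=0
        fi
        list=${list:+$list,}$spec
        slots=$((slots + cost))
    done
    if [ -n "$list" ]; then
        print_rule "$chain" "$proto" "$target" "$list"
    fi
}

# LOG is an assumed target; the thread does not say which action is used.
emit_rules INPUT tcp LOG $SAMPLE_PORTS
```

The script only prints the commands, so the output can be reviewed and pasted into a hand-maintained firewall script.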



