tcp extensions options (h, dport)
Denis Karpov
Denis.Karpov@lut.fi
Wed, 12 Apr 2000 19:17:58 +0300
Hi all,
playing with iptables i found several things that do not work (as it was specified in HOWTO)
1. help on protocol extensions is not available:
iptables -p tcp -h
gives the same general help on iptables, not help on tcp extensions. as far as i remember there was a discussion of the same problem (and patch), but seems the situation persists
2. with tcp extensions it is not possible to specify port range with --dport and --sport parameters
[root@xxx:xxx]$iptables -A INPUT 1 -p tcp -d xxx --destination-port 20-22 -j ACCEPT
iptables v1.0.0: invalid TCP port/service `20-22' specified
Try `iptables -h' or 'iptables --help' for more information.
oops, just found out from source that port range should be specified not as 20-22, but as 20:22
what should be patched ? documentation or source code ? ;)
from Linux Packet Filtering HOWTO:
" --source-port followed by an optional `!', then either a
single TCP port, or a range of ports. Ports can be port names, as
listed in /etc/services, or numeric. Ranges are either two port names
separated by a `-', or (to specify greater than or equal to a given
port) a port with a `-' appended, or (to specify less than or equal to
a given port), a port preceded by a `-'. "
anyway,
iptables -A INPUT 1 -p tcp -d xxx --destination-port -22 -j ACCEPT, or
iptables -A INPUT 1 -p tcp -d xxx --destination-port 22- -j ACCEPT won't work.
rgds,
Denis.
--
("\''/").__..-''"`-. . Denis.Karpov@lut.fi
`9_ 9 ) `-. ( ).`-._.`) http://www.lut.fi/~karpov/
(_Y_.)' ._ ) `._`. " -.-' +358 (0)40 502 0931
_..`-'_..-_/ /-'_.' Datacomunications Lab
(l)-'' ((i).' ((!.' Lappeenranta University of Technology
*** Join the Army, meet interesting people, kill them. ***
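
Added example, not part of the original message and not iptables code: a POSIX sh helper that rewrites the dash ranges described in the HOWTO excerpt into the colon form the message found in the source, so rule scripts written from the HOWTO fail early instead of at rule-load time. The function names are hypothetical; the open-ended forms `:22` and `22:` follow the iptables man page (an omitted first port means 0, an omitted last port means 65535) and are assumed to apply to v1.0.0 as well. Numeric ports only.

```shell
#!/bin/sh
# Added example (hypothetical helper, not iptables code).
# Translates HOWTO-style dash port ranges into iptables colon syntax.

# valid_port N: succeeds if N is a decimal integer in 0..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Bound the length first so very long digit strings never reach the
    # numeric comparison.
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# to_colon_range SPEC: prints the colon form, or returns 1 on bad input.
# Uses the global variables spec, lo and hi (POSIX sh has no "local").
to_colon_range() {
    spec=$1
    case "$spec" in
        *:*) lo=${spec%%:*}; hi=${spec#*:} ;;   # already colon form
        *-*) lo=${spec%%-*}; hi=${spec#*-} ;;   # HOWTO dash form
        *)   valid_port "$spec" || return 1     # single port
             printf '%s\n' "$spec"; return 0 ;;
    esac
    # An empty side is an open end; both sides empty is meaningless.
    [ -n "$lo" ] || [ -n "$hi" ] || return 1
    [ -z "$lo" ] || valid_port "$lo" || return 1
    [ -z "$hi" ] || valid_port "$hi" || return 1
    # Reject reversed ranges such as 22-20.
    if [ -n "$lo" ] && [ -n "$hi" ] && [ "$lo" -gt "$hi" ]; then
        return 1
    fi
    printf '%s:%s\n' "$lo" "$hi"
}

# Usage inside a rule script (not executed here):
#   iptables -A INPUT -p tcp --destination-port "$(to_colon_range 20-22)" -j ACCEPT
```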