iptables port range funny
Hans Lohmander
hans.lohmander@ei.sigma.se
Wed, 03 Oct 2001 14:57:14 +0200
Hi,
as you DROP nmap assumes it is behind a firewall, thus filtered.
If you have no service running you get the equiv of
REJECT --reject-with icmp-port-unreachable I believe.
/Hans
netfilter-request@lists.samba.org wrote:
> Date: Wed, 03 Oct 2001 13:15:29 +0100
> From: Tim <tim@domus29.freeserve.co.uk>
> To: netfilter@lists.samba.org
> Subject: iptables port range funny
>
> Hi there
>
> I can't find a reference to this, but I'm sure that it must have been
> discovered before.
>
> I'm running iptables 1.2.1a-1.
>
> I have a rule that blocks access to X ports (6000:6010):
> iptables -A INPUT -i $EXTDEV -d $EXTNET -p tcp --dport 6000:6010 -j
> DROP
>
> iptables -L -v confirms that this is in place
>
> 0 0 DROP tcp -- any eth0 217.204.229.160/28
> anywhere tcp spts:X:6010
>
> However, when I run nmap (against this machine), it claims that only
> ports 6000 to 6009 are filtered.
> (nmap-2.54BETA22-3 - RedHat 7.1).
>
> Which is broken??
>
> Anyone else seen this?
>
> tc
>
--
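One practical way to pin down which side is "broken" in a case like this is to cross-check the rule set against the scan result port by port, rather than eyeballing two ranges. The script below is an added example and not part of this thread or of netfilter or nmap; it parses constructed sample output shaped like `iptables -L -v -n` (numeric ports, one DROP rule with the inclusive range 6000:6010) and like nmap's grepable `-oG` format (`port/state/proto//service///`), then lists every port the DROP rule claims to cover that nmap did not report as `filtered`. The host address and both outputs are constructed for the example; on a real box you would feed it the actual command output.

```python
import re
import socket

# Constructed sample of `iptables -L -v -n` output: one DROP rule carrying the
# destination-port range from the thread (6000:6010, inclusive at both ends).
IPTABLES_LV = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out source             destination
    0     0 DROP   tcp  --  eth0 *   0.0.0.0/0          217.204.229.160/28  tcp dpts:6000:6010
"""

# Constructed nmap grepable output (-oG) shaped like the reported symptom:
# 6000-6009 come back filtered, 6010 comes back closed.
NMAP_GREPABLE = (
    "Host: 217.204.229.161 ()\tPorts: "
    + ", ".join(f"{p}/filtered/tcp//x11///" for p in range(6000, 6010))
    + ", 6010/closed/tcp/////"
)


def _port(token):
    """Turn an iptables port token into an int (numeric, or an /etc/services name)."""
    try:
        return int(token)
    except ValueError:
        # Only reached when the listing was taken without -n and shows names.
        return socket.getservbyname(token, "tcp")


def dropped_tcp_ports(iptables_text):
    """Collect every TCP destination port that a DROP rule claims to cover."""
    covered = set()
    for line in iptables_text.splitlines():
        m = re.search(r"\bDROP\b.*\btcp\b.*\bdpts?:(\S+)", line)
        if not m:
            continue
        parts = m.group(1).split(":")
        lo = _port(parts[0])
        hi = _port(parts[-1])                 # "dpt:6000" gives lo == hi
        covered.update(range(lo, hi + 1))     # iptables ranges are inclusive
    return covered


def nmap_tcp_states(grepable_text):
    """Map port -> state from nmap -oG output ("Ports: 22/open/tcp//ssh///, ...")."""
    return {int(p): s for p, s in re.findall(r"(\d+)/(\w+)/tcp", grepable_text)}


def audit(iptables_text, grepable_text):
    """Cross-check the rule set against what the scanner actually observed.

    Returns (port, state) pairs for every port a DROP rule covers that nmap
    did NOT report as filtered, i.e. where rule and scan disagree.
    """
    covered = dropped_tcp_ports(iptables_text)
    seen = nmap_tcp_states(grepable_text)
    return sorted(
        (port, seen[port]) for port in covered
        if port in seen and seen[port] != "filtered"
    )


if __name__ == "__main__":
    for port, state in audit(IPTABLES_LV, NMAP_GREPABLE):
        print(f"port {port}: rule says DROP, nmap says {state}")
```

With the sample data the only disagreement is port 6010, which is exactly the discrepancy described in the thread; on a live host, an empty result means the rule and the scan agree, while a port that shows up here is the one to look at more closely (for example by checking whether another rule matches first, or by re-running the scan with `-n` style numeric output to rule out a service-name lookup confusing the reading).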