iptables port range funny
Wed, 03 Oct 2001 14:57:14 +0200
as you DROP nmap assumes it is behind a firewall, thus filtered.
If you have no service running you get the equiv of
REJECT --reject-with icmp-port-unreachable I believe.
> Date: Wed, 03 Oct 2001 13:15:29 +0100
> From: Tim <firstname.lastname@example.org>
> To: email@example.com
> Subject: iptables port range funny
> Hi there
> I can't find a reference to this, but I'm sure that it must have been
> discovered before.
> I'm running iptables 1.2.1a-1.
> I have a rule that blocks access to X ports (6000:6010):
> iptables -A INPUT -i $EXTDEV -d $EXTNET -p tcp --dport 6000:6010 -j
> iptables -L -v confirms that this is in place
> 0 0 DROP tcp -- any eth0 188.8.131.52/28
> anywhere tcp spts:X:6010
> However, when I run nmap (against this machine), it claims that only
> ports 6000 to 6009 are filtered.
> (nmap-2.54BETA22-3 - RedHat 7.1).
> Which is broken??
> Anyone else seen this?
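As an added, defender-side check that is not part of this thread: parse a numeric `iptables -L -v -n` listing, expand each DROP rule's port range inclusively, and compare it against the ports a scan of your own host reported as filtered, so a one-off-the-end mismatch like the one described above (6000:6010 in the rule, 6000 to 6009 filtered) is flagged directly. The listing and the scan summary are constructed, and 192.0.2.16/28 is a placeholder address; the code also flags rules that turned out to be keyed on the client's source port (spts) rather than the local destination port.

```python
import re

# Constructed sample of `iptables -L INPUT -v -n` output, not the poster's listing.
# -n keeps ports numeric; without it 6000 prints as its service name ("x11").
IPTABLES_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            192.0.2.16/28        tcp dpts:6000:6010
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            192.0.2.16/28        tcp spts:6000:6010
"""

# Constructed scan summary for the same host: ports for which no answer came back.
# A port that answered with a RST reached the TCP stack and is "closed", not "filtered".
SCAN_FILTERED = set(range(6000, 6010))

PORT_RE = re.compile(r"\b(spts?|dpts?):(\d+)(?::(\d+))?")

def parse_rules(listing):
    """One dict per rule line: target, which side the ports match, inclusive port set."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # chain header or column header
        m = PORT_RE.search(line)
        if not m:
            continue  # rule without a port match
        lo = int(m.group(2))
        hi = int(m.group(3)) if m.group(3) else lo  # dpt:N is one port, dpts:A:B is A..B inclusive
        rules.append({
            "target": fields[2],
            "side": "source" if m.group(1).startswith("s") else "destination",
            "ports": set(range(lo, hi + 1)),
        })
    return rules

def audit(rules, filtered):
    """Ports a DROP rule should hide that the scan did not report as filtered, plus a count
    of DROP rules keyed on the remote source port, which do not shield the local listener."""
    uncovered, source_keyed = set(), 0
    for r in rules:
        if r["target"] != "DROP":
            continue
        if r["side"] == "source":
            source_keyed += 1
            continue
        uncovered |= r["ports"] - filtered
    return {"uncovered": sorted(uncovered), "source_port_rules": source_keyed}

if __name__ == "__main__":
    print(audit(parse_rules(IPTABLES_LISTING), SCAN_FILTERED))
    # → {'uncovered': [6010], 'source_port_rules': 1}
```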