blocking all traffic except selected ports
opie at 817west.com
Sun Apr 24 00:50:47 CEST 2005
On Sat, Apr 23, 2005 at 06:36:15PM -0400, Ed wrote:
> Actually (after having a pot of coffee) I just looked at `iptables -m
> multiport --help` on my box, and saw the following:
> multiport v1.3.1 options:
> --source-ports [!] port[,port:port,port...]
> --sports ...
> match source port(s)
> --destination-ports [!] port[,port:port,port...]
> --dports ...
> match destination port(s)
> --ports [!] port[,port:port,port]
> match both source and destination port(s)
> It seems multiport has been updated to use port ranges after all.
> (Note to self: don't reply to messages right after waking up either.
> UGH! I thought there was a reason that I switched from mport to
> multiport on my router...)
> # uname -r && iptables --version
> iptables v1.3.1
this brings out an interesting point--as i was speaking from an iptables
1.2.11 perspective (i have not updated a single box to 1.3.x)...we're
probably going to have to start specifying iptables version on almost
every post to keep from confusing the hell outta people.
"Chris: Dad, there's a guy outside who says I can't go to school.
Peter: Yeah? Him and what army?
Chris: The U.S. Army.
Peter: ...that's a good army."
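
[Added example, not part of the original message or of the netfilter project: rather than keying on the iptables version number, this sketch checks the multiport help text for the `port:port` form quoted above and falls back to one plain `--dport` rule per range when it is absent. The function names, sample port list and the older help text are assumptions made for illustration; the script only prints commands.]

```shell
#!/bin/sh
# Print (do not run) an allow-list ruleset for TCP ports, choosing the
# multiport form by feature detection instead of by version number.

# Constructed sample help texts. HELP_NEW follows the v1.3.1 output quoted
# in the thread; HELP_OLD is an assumed older form without ranges.
HELP_NEW='multiport v1.3.1 options:
 --destination-ports [!] port[,port:port,port...]'
HELP_OLD='multiport options:
 --destination-ports port[,port,port...]'

# Succeeds if the given multiport help text advertises port:port ranges.
multiport_has_ranges() {
    printf '%s\n' "$1" | grep -q 'port:port'
}

# emit_rules HELP_TEXT PORTSPEC -> prints iptables commands, one per line.
emit_rules() {
    help=$1
    spec=$2
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if multiport_has_ranges "$help"; then
        # Ranges supported: the whole spec fits in one multiport rule.
        echo "iptables -A INPUT -p tcp -m multiport --dports $spec -j ACCEPT"
    else
        # No range support: one plain --dport rule per range, and the
        # remaining single ports grouped into one multiport rule.
        singles=''
        old_ifs=$IFS
        IFS=,
        for p in $spec; do
            case $p in
                *:*) echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT" ;;
                *)   singles="${singles:+$singles,}$p" ;;
            esac
        done
        IFS=$old_ifs
        if [ -n "$singles" ]; then
            echo "iptables -A INPUT -p tcp -m multiport --dports $singles -j ACCEPT"
        fi
    fi
    # Everything not accepted above is dropped.
    echo "iptables -P INPUT DROP"
}

# On a real box: emit_rules "$(iptables -m multiport --help 2>&1)" "22,80,6000:6063"
emit_rules "$HELP_OLD" "22,80,6000:6063"
```

[The check covers the userspace binary's help text only; the running kernel's multiport match must also accept ranges.]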