Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: slack current with 2.6.16.18 (still off the hook)
Posts: 284
IPTABLES problem with -m multiport
This might be something really simple but I've been fighting it for 2 days and it is starting to drive me crazy.
I'm writing a firewall script and it's over 300 lines already. I want to use the multiport as follows to save some space and to make the script a bit more manageable but I keep getting an error:
Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
The one module called multiport does not handle the span of ports like you are trying to do from what I know. You want to use the mport module. The multiport can only handle it as a single so one would have to use it like this.
Originally posted by Brian1: The one module called multiport does not handle the span of ports like you are trying to do from what I know. You want to use the mport module. The multiport can only handle it as a single so one would have to use it like this.
I may be wrong, but my iptables manpage mentions the exact opposite:
Code:
   mport
       This module matches a set of source or destination ports. Up to 15
       ports can be specified. It can only be used in conjunction with -p tcp
       or -p udp.

       --destination-ports port[,port[,port...]]
              Match if the destination port is one of the given ports. The
              flag --dports is a convenient alias for this option.

   multiport
       This module matches a set of source or destination ports. Up to 15
       ports can be specified. A port range (port:port) counts as two ports.
       It can only be used in conjunction with -p tcp or -p udp.

       --destination-ports [!] port[,port[,port:port...]]
              Match if the destination port is one of the given ports. The
              flag --dports is a convenient alias for this option.
Also, for a simple span of ports you don't need extensions. You can do the following:
I'm running iptables 1.3.1 so I don't believe I need to patch-o-matic my install, do I?
This means that you don't have the module for iptables since it can't load the .so library.
If you run "man iptables" you will see that you need the "multiport" and NOT the "mport" module (at least according to my manpage).
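The 15-port limit from the manpage excerpt quoted in this thread, worked through as an added example that is not part of the original posts: a shell helper that counts how many slots a `--dports` list uses (a `port:port` range counts as two) and splits a longer list into several rules. The function names, the sample port list, and the INPUT chain with ACCEPT target are assumptions made for this example; the rules are printed, not applied.

```shell
# Added example: keep each "-m multiport --dports" list within the 15-port
# limit from the iptables manpage, where a range (port:port) counts as two.

MAX_SLOTS=15

# Print how many of the 15 slots a comma-separated port list uses.
multiport_slots() {
    slots=0
    old_ifs=$IFS; IFS=,
    for item in $1; do
        case $item in
            *:*) slots=$((slots + 2)) ;;   # a range uses two slots
            *)   slots=$((slots + 1)) ;;   # a single port uses one
        esac
    done
    IFS=$old_ifs
    echo "$slots"
}

# Split a port list into groups of at most MAX_SLOTS slots, one per line.
multiport_chunk() {
    group=""; used=0
    old_ifs=$IFS; IFS=,
    for item in $1; do
        case $item in *:*) cost=2 ;; *) cost=1 ;; esac
        if [ $((used + cost)) -gt "$MAX_SLOTS" ]; then
            echo "$group"          # current group is full, start a new one
            group=""; used=0
        fi
        group="${group:+$group,}$item"
        used=$((used + cost))
    done
    IFS=$old_ifs
    [ -n "$group" ] && echo "$group"
    return 0
}

# Print (not run) one iptables rule per group. Chain and target are
# placeholders chosen for this example.
emit_rules() {  # usage: emit_rules CHAIN PROTO PORTLIST TARGET
    multiport_chunk "$3" | while read -r group; do
        echo "iptables -A $1 -p $2 -m multiport --dports $group -j $4"
    done
}

# Constructed sample list: 14 single ports plus two ranges = 18 slots.
SAMPLE="20,21,22,25,53,80,110,143,443,465,587,993,995,3306,6000:6010,8000:8080"
emit_rules INPUT tcp "$SAMPLE" ACCEPT
```

For the sample list this prints two rules: the 14 single ports in the first, the two ranges in the second.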