Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I read the manpage and the only time they use --dest-port or -dport is when they're using an extension.
I just wanted to do some basic filtering without extensions. I tried:
iptables -A INPUT -p all -dports 6000 -j DROP
and I got that 6000 was an invalid argument.
So I try different syntax using --dst-port and it says that dst-port isn't correct syntax. I just have 3 or 4 ports to block for a short period of time. Am I doing something wrong?
-p all includes a wide number of protocols besides tcp and udp, such as icmp, gre, etc. (see /etc/protocols). Many of them don't have a concept of a 'port', icmp for example. So you need to specify the tcp or udp protocol. Also use two dashes for the secondary options, like -p tcp --dport 6000.
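The corrected syntax from the reply above, as an added example that is not part of the thread: a small POSIX shell script that emits (and, on request, applies) DROP rules for a handful of ports with the protocol given explicitly, since --dport only exists in the tcp and udp match extensions. It assumes a standard iptables install with the tcp and udp matches available; the function names (port_rules, block_ports, unblock_ports, run_rules) and the APPLY variable are this example's own. Because the poster only wants the block for a short period, the script also emits the matching -D commands so the rules can be removed cleanly afterwards.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the corrected iptables commands
# for blocking or unblocking ports; set APPLY=1 to actually run them
# (requires root and iptables on the box).

# Emit one rule per protocol for each port: "$1" is the iptables action
# (-I to insert at the top of INPUT, -D to delete the same rule again),
# the remaining arguments are the port numbers.
port_rules() {
  action="$1"; shift
  for port in "$@"; do
    # Reject anything that is not a plain decimal number.
    case "$port" in
      ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
      echo "port out of range: $port" >&2; return 1
    }
    # -p must be tcp or udp: -p all has no notion of a destination port,
    # and the option takes two dashes.
    for proto in tcp udp; do
      echo "iptables $action INPUT -p $proto --dport $port -j DROP"
    done
  done
}

block_ports()   { port_rules -I "$@"; }
unblock_ports() { port_rules -D "$@"; }

# Dry run by default (just print the commands); APPLY=1 executes each line.
run_rules() {
  if [ "${APPLY:-0}" = 1 ]; then
    port_rules "$@" | while IFS= read -r cmd; do $cmd; done
  else
    port_rules "$@"
  fi
}

# Usage: rules for the three ports the poster mentioned, then their removals.
run_rules -I 6000 6001 6002
run_rules -D 6000 6001 6002
```

Run the script as-is to review the commands it would issue; once they look right, `APPLY=1 sh block.sh` applies them, and the -D lines undo the change when the temporary block is no longer needed.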
The mangle table is used for modifying various parts of the packet. For incoming packets, it allows you to change these parameters before any routing decisions are made, which is useful in certain situations. It's extremely important not to do any filtering or NAT in this table, as the rules will be ignored. In most situations you won't ever need to do any mangling, but if you wanted to change the TTL of an outgoing packet (to hide the fact that it's behind a NAT firewall) then you could modify the TTL in the mangle table. This is a really great HOWTO that can explain iptables pretty well; take a look: