According to the man page, I should be able to specify multiple protocols with one line.. i.e
$IPTABLES -A INPUT -p ALL --dport 143 -j ACCEPT
However iptables gives me the following error:
Quote:
iptables v1.3.3: Unknown arg `--destination-port'
Try `iptables -h' or 'iptables --help' for more information.
|
However if I write it like
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 143 -j ACCEPT
It doesn't give errors. I'm trying to troubleshoot an instance where I can't connect to courier-imap on 143 via Outlook Express 6x when the firewall is in place, but I can if I flush all existing rules.
The firewall I currently have in place is
Quote:
#!/bin/bash
#Change the part after the = to the where you IPTABLES is on your system
IPTABLES=/sbin/iptables
#flush existing rules
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 6900:6910 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s 216.229.107.32 --dport 3306 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp -j REJECT
$IPTABLES -A INPUT -p ICMP -j DROP
#$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
|
And with it in place I can't reach the courier-imap service via Outlook Express (but I can from a straight telnet window). I've narrowed it down to something in the firewall blocking it, but am stuck there at the moment.