iptables invert issue
Code:
@tux.init.d # iptables -A INPUT --protocol ! tcp --dport 51000 -j ACCEPT
iptables v1.2.11
Linux tux 2.6.7 #1 Sun Jun 27 03:10:39 CEST 2004 i686 Celeron (Mendocino) GenuineIntel GNU/Linux Gentoo
REJECT?
It looks like you're trying to create a rule that accepts everything BUT that port? Try putting a REJECT at the end, and then write filter rules that let everything in by default.
Yes I am trying to accept everything but that port and it should work according to the manual.
I am not sure that I understand your answer 'WRITE FILTER RULES?'. I have a RULE at the end of my script that TAKES everything that hasn't got a rule (--ESTABLISHED, --RELATED, DROP or ACCEPT), then it sends all of those packets to a CHAIN for REJECTING/DROPPING and LOGGING depending on the packet.
Quote:
iptables -A (append) INPUT -protocol ! (not) tcp --dport 51000 -j (make) ACCEPT
Code:
iptables -A INPUT -protocol ! tcp --dport 51000
Code:
-j ACCEPT
the packet, because you want the table to REJECT or DROP the packet and not ACCEPT it.
So basically if I do
Code:
iptables -A INPUT -protocol ! tcp --dport 51000 REJECT
I will deny udp and icmp on that port, but I already have a rule at the bottom that captures all packets that haven't been allowed, so basically I won't need that. What I need to do is to allow both udp and tcp in one rule; how would I do that then? And here is the output, the same as before:
Code:
@tux init.d # iptables -A INPUT -p ! tcp --dport 51000 -j REJECT
iptables: Invalid argument
@tux init.d # iptables -A INPUT -p !tcp --dport 51000 -j REJECT
bash: !tcp: event not found
@tux init.d # iptables -A INPUT -p ! tcp --dport 51000 -j DENY
iptables v1.2.11: Couldn't load target `DENY':/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory
@tux init.d # iptables -A INPUT -p !tcp --dport 51000 -j DENY
bash: !tcp: event not found
Quote:
this will DROP all packets trying to access dport 51000
I am completely lost... it seems something is wrong with my iptables, or I am doing it wrong.
All of it doesn't work, and when using ! (invert) in protocol it doesn't work.
destination
Are you root? Log into root and insert this command...
Code:
iptables -A INPUT -p all --dport 51000 -j DROP
Then to see if it worked issue...
Code:
iptables -L
Seems it works with -d instead of --dport, human error :)
But what about the invert (!) option?
Code:
-p, --protocol [!] protocol
Code:
root@tux lappen # iptables -A INPUT -p !tcp --dport 51000 -j ACCEPT
bash: !tcp: event not found
root@tux lappen # iptables -A INPUT -p ! tcp --dport 51000 -j ACCEPT
iptables: Invalid argument
EDIT: seems the ! invert option works with -d but not --dport; should it work with --dport?
Code:
iptables -A INPUT -p ! tcp -d 192.168.0.3 -j ACCEPT
ACCEPT !tcp -- anywhere 192.168.0.3
I would want a source or destination port with that, but it seems it doesn't work that way:
Code:
iptables -A INPUT -p ! tcp -d 192.168.0.3 --dport 50000 -j ACCEPT
iptables: Invalid argument
Maybe I am still misunderstanding everything.
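What the last post keeps hitting, shown with an added helper script that is not from the thread: --dport is an option of the tcp and udp match extensions, which iptables only loads after "-p tcp" or "-p udp", so after "-p ! tcp" (or "-p all") there is no --dport at all and iptables answers "Invalid argument". Filtering one port for both protocols therefore takes one rule per protocol; the helper below (function name, IPTABLES path and DRY_RUN switch are assumptions) generates exactly those, and by default only prints them.

```shell
#!/bin/sh
# Added example, not from the thread. "--dport" belongs to the tcp and udp
# match extensions, which iptables loads only for "-p tcp" / "-p udp".
# After "-p ! tcp" (or "-p all") no such extension is loaded, so --dport is
# rejected with "Invalid argument". The portable way to filter one port for
# both protocols is one rule per protocol, generated here.
# "bash: !tcp: event not found" is bash history expansion on the interactive
# command line; it never happens inside a script like this one.

IPTABLES="${IPTABLES:-iptables}"   # assumed path to the binary
DRY_RUN="${DRY_RUN:-1}"            # 1 = print the rules, 0 = apply them

# port_rules CHAIN PORT TARGET
# Prints (or, with DRY_RUN=0, applies) a tcp and a udp rule for PORT.
# Returns 1 without emitting anything when PORT is not a number in 1..65535,
# so a typo cannot silently produce a rule that matches nothing.
port_rules() {
    chain=$1 port=$2 target=$3
    case "$port" in
        ''|*[!0-9]*) echo "port_rules: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port_rules: port $port out of range" >&2
        return 1
    fi
    for proto in tcp udp; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "$IPTABLES -A $chain -p $proto --dport $port -j $target"
        else
            "$IPTABLES" -A "$chain" -p "$proto" --dport "$port" -j "$target" || return 1
        fi
    done
}

# The port from the thread, accepted for both protocols (printed, not applied).
port_rules INPUT 51000 ACCEPT
```

Run with DRY_RUN=0 as root to apply the rules instead of printing them; `iptables -L -n` then shows a tcp and a udp line for the port.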