LinuxQuestions.org - Linux - Software
iptables invert issue (https://www.linuxquestions.org/questions/linux-software-2/iptables-invert-issue-235216/)

lappen 09-25-2004 08:01 PM

iptables invert issue
 
Code:

@tux.init.d # iptables -A INPUT --protocol ! tcp --dport 51000 -j ACCEPT
iptables: Invalid argument

@tux init.d # iptables -A INPUT -p ! tcp --dport 51000 -j ACCEPT
iptables: Invalid argument

@tux init.d # iptables -A INPUT --protocol !tcp --dport 51000 -j ACCEPT
bash: !tcp: event not found

@tux init.d # iptables -A INPUT -p !tcp --dport 51000 -j ACCEPT
bash: !tcp: event not found

Any suggestions on how to get it to work?

iptables v1.2.11
Linux tux 2.6.7 #1 Sun Jun 27 03:10:39 CEST 2004 i686 Celeron (Mendocino) GenuineIntel GNU/Linux
Gentoo

d0odman 09-25-2004 10:09 PM

REJECT?
 
It looks like you're trying to create a rule that accepts everything BUT that port? Try putting a REJECT at the end, and then write filter rules that let everything in by default.

lappen 09-26-2004 06:43 AM

Yes I am trying to accept everything but that port and it should work according to the manual.

I am not sure that I understand your answer, 'RIGHT FILTER RULES?'. I have a RULE at the end of my script that TAKES everything that doesn't have a rule (--ESTABLISHED, --RELATED, DROP or ACCEPT), then it sends all of those packets to a CHAIN for REJECTING/DROPPING and LOGGING depending on the package.

Linux~Powered 09-26-2004 10:53 AM

Quote:

Yes I am trying to accept everything but that port and it should work according to the manual.
If I'm right then you should have either REJECT or DROP at the end of your table. The way you have it now states...

iptables -A (append) INPUT -protocol ! (not) tcp --dport 51000 -j (make) ACCEPT


Code:

iptables -A INPUT -protocol ! tcp --dport 51000
Here you are telling the table 'not' to allow any packages to be able to pass through destination port 51000

Code:

-j ACCEPT
Here you are telling the table what to do with the packet when it reaches the end of the table...which is ACCEPT it. So why would you want to ACCEPT the packet when you just told the table ! (not) to allow anything to pass through dport 51000? When it should be REJECT or DROP
the packet, because you want the table to REJECT or DROP the packet and not ACCEPT it.

lappen 09-26-2004 12:22 PM

So basically if I do
iptables -A INPUT -protocol ! tcp --dport 51000 REJECT

I will deny udp and icmp on that port, but I already have a rule at the bottom that captures all packets that haven't been allowed, so basically I won't need that.
What I need to do is to allow both udp and tcp in one rule; how would I do that then?


and here is the output the same as before
@tux init.d # iptables -A INPUT -p ! tcp --dport 51000 -j REJECT
iptables: Invalid argument
@tux init.d # iptables -A INPUT -p !tcp --dport 51000 -j REJECT
bash: !tcp: event not found
@tux init.d # iptables -A INPUT -p ! tcp --dport 51000 -j DENY
iptables v1.2.11: Couldn't load target `DENY':/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory
@tux init.d # iptables -A INPUT -p !tcp --dport 51000 -j DENY
bash: !tcp: event not found

Linux~Powered 09-26-2004 12:40 PM

Quote:

I will deny udp and icmp on that port, but I already have a rule at the bottom that captures all packets that haven't been allowed, so basically I won't need that.
What I need to do is to allow both udp and tcp in one rule; how would I do that then?
It will not drop udp or icmp because you told the table to only drop tcp packets. To use all three tcp/udp/icmp just use the flag --protocol all or -p all; that will use all three in one table, tcp/udp/icmp.
Quote:

Yes I am trying to accept everything but that port
use... iptables -A INPUT -p all --dport 51000 -j DROP

this will DROP all packets trying to access dport 51000

lappen 09-26-2004 01:18 PM

I am completely lost... seems there is something wrong with my iptables, or I am doing it wrong..

all doesn't work, and when using (invert) ! in protocol it doesn't work

Linux~Powered 09-26-2004 01:24 PM

destination
 
Are you root? Log into root and insert this command...

Code:

iptables -A INPUT -p all --dport 51000 -j DROP
again this should drop all packets tcp/udp/icmp trying to access port 51000

Then to see if it worked issue...

Code:

iptables -L
This will list what tables you have running.

lappen 09-26-2004 02:19 PM

seems it works with -d instead of --dport, human error :)

but what about the invert (!) option?

Code:

      -p, --protocol [!] protocol
              The  protocol of the rule or of the packet to check.  The speci-
              fied protocol can be one of tcp, udp, icmp, or all, or it can be
              a  numeric  value, representing one of these protocols or a dif-
              ferent  one.  A  protocol  name  from  /etc/protocols  is  also
              allowed.  A  "!" argument before the protocol inverts the test.
              The number zero is equivalent to all.  Protocol all  will  match
              with  all  protocols and is taken as default when this option is
              omitted.

Does any of this work for you?
root@tux lappen # iptables -A INPUT -p !tcp --dport 51000 -j ACCEPT
bash: !tcp: event not found
root@tux lappen # iptables -A INPUT -p ! tcp --dport 51000 -j ACCEPT
iptables: Invalid argument

EDIT: seems the ! invert option works with -d but not --dport, should it work with --dport?

iptables -A INPUT -p ! tcp -d 192.168.0.3 -j ACCEPT
ACCEPT !tcp -- anywhere 192.168.0.3


I would want a source or destination port with that but it seems it doesn't work that way
iptables -A INPUT -p ! tcp -d 192.168.0.3 --dport 50000 -j ACCEPT
iptables: Invalid argument


Maybe I am still misunderstanding everything
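Two separate things are going wrong in the thread. `!tcp` without a space is bash history expansion in an interactive shell (it is off inside scripts, and `set +H` or quoting `'!'` turns it off interactively). The `--dport` error is different: `--dport` and `--sport` are options of the tcp and udp match modules, which iptables loads implicitly only for a positive `-p tcp` or `-p udp`, and the kernel refuses a tcp/udp port match attached to an inverted or `all` protocol, which is the `Invalid argument` seen above. `-d` is a generic IP-header match, so `-p ! tcp -d 192.168.0.3` works, as the last post found. The practical answer to "allow both udp and tcp" is one ACCEPT rule per protocol, with a DROP policy catching everything else as d0odman suggested. The script below is an added example, not code from the thread or from the iptables project: a small POSIX sh lint that flags port matches the kernel would reject, and a generator for an `iptables-restore` fragment. The port 51000, the `-m state` matching and the function names (`check_rule`, `ruleset`, `lint_ruleset`) are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: lint iptables rule arguments for
# port matches the kernel will reject, and print a rule set that accepts both
# TCP and UDP on one port. Port 51000, "-m state" and all function names are
# this example's assumptions.

# check_rule ARGS...  ->  0 if the rule can carry its port match, 1 if not.
# --dport/--sport belong to the tcp/udp match modules, which iptables loads
# for a positive "-p tcp" or "-p udp" only. "-p ! tcp", "-p all" or no -p at
# all leave nothing to attach the port match to ("Invalid argument").
# (-m multiport --dports has the same requirement, so it is treated alike.)
check_rule() {
    cr_proto=""; cr_inv=0; cr_port=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--protocol)
                shift
                if [ "$1" = "!" ]; then cr_inv=1; shift; fi
                cr_proto="$1" ;;
            --dport|--sport|--destination-port|--source-port|--dports|--sports)
                cr_port=1 ;;
        esac
        [ $# -gt 0 ] && shift
    done
    [ "$cr_port" -eq 0 ] && return 0
    if [ "$cr_inv" -eq 0 ]; then
        case "$cr_proto" in tcp|udp|6|17) return 0 ;; esac
    fi
    return 1
}

# ruleset PORT  ->  an iptables-restore fragment: default-DROP INPUT policy,
# loopback and established traffic allowed, one ACCEPT per protocol for PORT
# (iptables has no single "tcp or udp" protocol), and a LOG rule before the
# policy drops whatever is left.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $1 -j ACCEPT
-A INPUT -p udp --dport $1 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# lint_ruleset  ->  reads rules (one per line) on stdin, reports each one the
# kernel would reject for a bare port match, and returns the number of bad
# rules (0 means clean).
lint_ruleset() {
    lr_bad=0
    while IFS= read -r lr_line; do
        case "$lr_line" in -A*|-I*) ;; *) continue ;; esac
        # shellcheck disable=SC2086 -- word splitting into arguments is intended
        if ! check_rule $lr_line; then
            echo "bad rule: $lr_line" >&2
            lr_bad=$((lr_bad + 1))
        fi
    done
    return "$lr_bad"
}

# Stand-alone usage: print the fragment, lint it, and show why the thread's
# rule is refused. Applying it for real needs root: ruleset 51000 | iptables-restore
ruleset 51000
if ruleset 51000 | lint_ruleset; then echo "ruleset: clean" >&2; fi
if check_rule -A INPUT -p '!' tcp --dport 51000 -j ACCEPT; then :; else
    echo 'rejected: "-p ! tcp --dport" has no tcp/udp match to carry --dport' >&2
fi
```

Run it with `sh`; it only prints and lints, nothing is loaded into the kernel. The DROP policy replaces the thread's "reject everything at the bottom" chain, and the LOG rule keeps the visibility that chain provided.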

