Find the answer to your Linux question:
Results 1 to 4 of 4
Hi All, Hoping someone has a little more experience with iptables than I - shouldn't be too hard. I am just wondering if anyone can confirm whether or not the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 04-21-2012 #1
    johnnygear
    johnnygear is offline
    Just Joined!
    Join Date
    Apr 2012
    Posts
    5

    iptables question: --dports option and context

    Hi All,

    Hoping someone has a little more experience with iptables than I - shouldn't be too hard.

    I am just wondering if anyone can confirm whether or not the --dports option only works in some contexts or whether it can be used in place of the usual --dport option as a valid way to consolidate many rules into single multi-port rules.

    eg.

    iptables -A INPUT -p tcp -m tcp --dports 135,137,138,139 -m recent --name portscan --set -j DROP

    Thanks,

    Johnny
  2. 04-21-2012 #2
    Lazydog
    Lazydog is offline
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,629
    --dports is just that, multiple ports in a signal rule, or am I not understanding your question?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
  3. 04-21-2012 #3
    johnnygear
    johnnygear is offline
    Just Joined!
    Join Date
    Apr 2012
    Posts
    5
    Quote Originally Posted by Lazydog View Post
    --dports is just that, multiple ports in a signal rule, or am I not understanding your question?
    Yes, I am asking if that is in fact the case.

    I have read through the iptables man page but it is not explicit about the context of --dports as far as I am concerned.

    Furthermore, the only place I can find reference to --dports being used, it is being used with a -m multiport option; Please see the rule I am referencing below:
    iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

    Could you confirm whether my rule will work as it is, or would I need to change it and add the -m multiport option? (my rule is listed below)
    iptables -A INPUT -p tcp -m tcp --dports 135,137,138,139 -m recent --name portscan --set -j DROP

    Thanks for your help,

    Johnny
  4. 04-22-2012 #4
    johnnygear
    johnnygear is offline
    Just Joined!
    Join Date
    Apr 2012
    Posts
    5
    Quote Originally Posted by johnnygear View Post
    Yes, I am asking if that is in fact the case.

    I have read through the iptables man page but it is not explicit about the context of --dports as far as I am concerned.

    Furthermore, the only place I can find reference to --dports being used, it is being used with a -m multiport option; Please see the rule I am referencing below:
    iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

    Could you confirm whether my rule will work as it is, or would I need to change it and add the -m multiport option? (my rule is listed below)
    iptables -A INPUT -p tcp -m tcp --dports 135,137,138,139 -m recent --name portscan --set -j DROP

    Thanks for your help,

    Johnny
    After doing some further reading I have come to the conclusion that the right way to construct a multi port rule such as mine is as follows:

    RANGE:

    iptables -A INPUT -p tcp -m multiport --dports 135:139 -m recent --name portscan --set -j DROP

    INDUVIDUAL PORTS:

    iptables -A INPUT -p tcp -m multiport --dports 135,136,137,138,139 -m recent --name portscan --set -j DROP

    Thanks for the help everyone.

    Regards,

    Johnny
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules