Re: Disabling X and KDM from listening on a port.

From: Fabrice MARIE (fabrice@celestix.com)
Date: 08/16/01


Message-Id: <200108161150.f7GBoNR09421@fabrice.celestix.com>
From: Fabrice MARIE <fabrice@celestix.com>
To: Rob Feztaa Park <fezziker@home.com>
Subject: Re: Disabling X and KDM from listening on a port.
Date: Thu, 16 Aug 2001 11:49:22 +0000


Hello,

On Thursday 16 August 2001 01:21, you wrote:
> How would I implement this with iptables? I read through the iptables man
> pages, but I don't see an '-l' option anywhere.
> On Wed, 15 Aug 2001, Avery Payne (dis)graced my inbox with this:
> AP>ipchains -A input -D <localaddress> 0:1024 -l -j REJECT

In iptables, you need to do that in two lines for now.
I wrote a patch (patch-o-matic format) to have log be
a match, in order to do the two in the same line; the patch is
available at:
http://lists.samba.org/pipermail/netfilter-devel/2001-July/001699.html
A decision still needs to be made by the core team
as to whether to accept it or not.

Meanwhile, you have to do it in 2 rules; something like
this should be the translation of your ipchains commands:

iptables -A INPUT -p tcp -d <localaddress> --dport 0:1024 \
   -j LOG --log-prefix ' packet rejected '
iptables -A INPUT -p tcp -d <localaddress> --dport 0:1024 \
   -j REJECT --reject-with host-unreach

Have a nice day,
   
Fabrice.

-- 
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" -Unknown
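
Added example (not part of the message above and not netfilter project code): with stock iptables, the LOG rule and the REJECT rule can be placed once in a user-defined chain, so that each match in INPUT needs only a single rule jumping to it. The chain name LOGREJECT, the helper function names, the rate-limit values and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands for a log-then-reject chain.
# LOGREJECT, the limit values and 192.0.2.10 are illustrative assumptions.
# The functions only print; nothing is applied to the running firewall.

# Print the commands that create a chain which logs, then rejects.
# The limit match keeps a flood of rejected packets from filling the log.
logreject_chain() {
    chain=${1:-LOGREJECT}
    cat <<EOF
iptables -N $chain
iptables -A $chain -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix ' packet rejected '
iptables -A $chain -j REJECT --reject-with host-unreach
EOF
}

# Print one INPUT rule sending TCP traffic for <addr> <ports> to the chain.
# Only numeric addresses and port ranges are accepted, so that the output
# stays a single iptables command even if the arguments are untrusted.
logreject_rule() {
    addr=$1; ports=$2; chain=${3:-LOGREJECT}
    case $addr in
        ''|*[!0-9A-Fa-f.:/]*) echo "bad address: $addr" >&2; return 1 ;;
    esac
    case $ports in
        ''|*[!0-9:]*) echo "bad port range: $ports" >&2; return 1 ;;
    esac
    printf 'iptables -A INPUT -p tcp -d %s --dport %s -j %s\n' \
        "$addr" "$ports" "$chain"
}

# With --print, show the full rule set for review before running it as root.
if [ "${1:-}" = "--print" ]; then
    logreject_chain
    logreject_rule 192.0.2.10 0:1024
fi
```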


