iptables syntax question: multiple protocols

From: David Klawiter (klawiter_at_nd.edu)
Date: 06/27/03


Date: 27 Jun 2003 07:08:42 -0700

Greetings,

I'm not seeing in practice what I read in a book. I am trying to
consolidate a couple of lines of code, but they don't register.

Here is working code:

$IPT -N P2P_DROP
$IPT -A P2P_DROP -j LOG --log-prefix "IPT P2P_SHARING: " $LOGOPT
$IPT -A P2P_DROP -j DROP

$IPT -N P2P_SHARING
$IPT -A P2P_SHARING -p tcp --dport 1214 -j P2P_DROP # Kazaa
$IPT -A P2P_SHARING -p udp --dport 1214 -j P2P_DROP # Kazaa
$IPT -A P2P_SHARING -p tcp --dport 6346:6347 -j P2P_DROP # Gnutella
$IPT -A P2P_SHARING -p udp --dport 6346:6347 -j P2P_DROP # Gnutella

and it produces the following results:

Chain P2P_DROP (4 references)
target prot opt source destination
LOG all -- anywhere anywhere <limit: ...>
DROP all -- anywhere anywhere

Chain P2P_SHARING (1 references)
target prot opt source destination
P2P_DROP tcp -- anywhere anywhere tcp dpt:1214
P2P_DROP udp -- anywhere anywhere udp dpt:1214
P2P_DROP tcp -- anywhere anywhere tcp dpts:6346:6347
P2P_DROP udp -- anywhere anywhere udp dpts:6346:6347

- - - - - - -

Here is what I thought I should be able to do:

$IPT -N P2P_DROP
$IPT -A P2P_DROP -j LOG --log-prefix "IPT P2P_SHARING: " $LOGOPT
$IPT -A P2P_DROP -j DROP

$IPT -N P2P_SHARING
$IPT -A P2P_SHARING -p tcp,udp --dport 1214 -j P2P_DROP # Kazaa
$IPT -A P2P_SHARING -p tcp,upd --dport 6346:6347 -j P2P_DROP # Gnutella

and here are the results I get:

Chain P2P_DROP (0 references)
target prot opt source destination
LOG all -- anywhere anywhere <limit: ...>
DROP all -- anywhere anywhere

Chain P2P_SHARING (1 references)
target prot opt source destination

- - - -

So, why is it that trying to specify multiple protocols causes the
code to fail?
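An added example, not part of David's post: iptables' -p option takes a single protocol name or number, so "-p tcp,udp" is rejected (and the second attempted line also spells it "upd"), which is why the P2P_SHARING chain ends up empty and P2P_DROP shows 0 references. The way to cover both transports from one port list is to generate one rule per protocol, or to use the multiport match with a comma-separated port list, which still needs -p once per rule. The script below rebuilds the post's chains that way. IPT and LOGOPT are assumed to be set by the surrounding firewall script as in the post; here they default to placeholders, and DRY_RUN=1 (the default) only prints the commands so the script runs without root and without touching a live ruleset.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults are assumptions so the
# script runs stand-alone; set DRY_RUN=0 to execute the rules for real.
IPT="${IPT:-iptables}"
LOGOPT="${LOGOPT:-}"        # in the post this holds the LOG target's options
DRY_RUN="${DRY_RUN:-1}"

# run_rule: print the rule in dry-run mode, otherwise execute it.
run_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# port_rules CHAIN TARGET PORTSPEC...: one rule per protocol for each port
# or port range ("low:high", the form iptables accepts for --dport).
port_rules() {
    chain=$1; target=$2; shift 2
    for spec in "$@"; do
        for proto in tcp udp; do
            run_rule "$IPT" -A "$chain" -p "$proto" --dport "$spec" -j "$target"
        done
    done
}

# multiport_rules CHAIN TARGET PORTLIST: same coverage with two rules total,
# using the multiport match (comma-separated list of up to 15 ports/ranges).
multiport_rules() {
    chain=$1; target=$2; ports=$3
    for proto in tcp udp; do
        run_rule "$IPT" -A "$chain" -p "$proto" -m multiport --dports "$ports" -j "$target"
    done
}

# Rebuild the post's P2P_DROP / P2P_SHARING chains from a single port list.
build_p2p_chains() {
    run_rule "$IPT" -N P2P_DROP
    run_rule "$IPT" -A P2P_DROP -j LOG --log-prefix "IPT P2P_SHARING: " $LOGOPT
    run_rule "$IPT" -A P2P_DROP -j DROP
    run_rule "$IPT" -N P2P_SHARING
    port_rules P2P_SHARING P2P_DROP 1214 6346:6347   # Kazaa, Gnutella
}

build_p2p_chains
```

Running it as-is prints the four per-protocol rules the working version of the post used; swapping the last line of build_p2p_chains for `multiport_rules P2P_SHARING P2P_DROP 1214,6346:6347` gives the same matching with two rules, which keeps the chain listing shorter as the port list grows.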
