Re: Converting ipchains rules to iptables!

From: Andrew Carson (acarson@NOSPAM.iinet.net.au)
Date: 10/19/02


From: "Andrew Carson" <acarson@NOSPAM.iinet.net.au>
Date: Sat, 19 Oct 2002 20:35:59 +0800


> # Deny TCP and UDP packets to privileged ports
> ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
> ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
>
> now, you helped me with these where $EXTIF and $ANY are assigned with
> values.
>
> # Deny TCP and UDP packets to privileged ports
>
> iptables -A INPUT -p udp -i $EXTIF -d $ANY 0:1023 -p udp -j LOG
> iptables -A INPUT -p udp -i $EXTIP -d $ANY 0:1023 -j DROP
>
> iptables -A INPUT -p tcp -i $EXTIF -d $ANY 0:1023 -j LOG
> iptables -A INPUT -p tcp -i $EXTIF -d $ANY 0:1023 -j DROP
>
> Now, iptables says ...
>
> Warning: wierd character in interface `-d' (No aliases, :, ! or *).
> Bad argument `0-1023'
>
> Why is this happening, please?
>
> thanks in advance.

When referring to a port in iptables, you refer to either the destination port
or the source port, so in this case you'd use:
-d $ANY --dport 0:1023

However, since iptables is stateful, there's no need to do this; you can
just do:
iptables -A INPUT -p tcp -i $EXTIF -m state --state NEW,INVALID -j DROP
This won't let *any* *new* packets in on $EXTIF; you just put your holes in
afterwards for services you are running.

HTH
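Both points in the reply above, the --dport syntax and the stateful alternative, as one added shell example (not code from either poster): it emits the literal translation of the two quoted ipchains rules, and a stateful ruleset that goes slightly beyond the reply by adding the loopback accept, the ESTABLISHED,RELATED accept and a default policy. EXTIF=eth0, ANY=0.0.0.0/0 and an ssh service on tcp/22 as the single "hole" are assumptions for illustration; run it with IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from either poster: the two quoted ipchains rules as
# iptables rules, and a stateful ruleset that replaces them.
# Assumptions for illustration: EXTIF=eth0, ANY=0.0.0.0/0, and an ssh
# service on tcp/22 as the one "hole". Run with IPT=echo to print the
# rules instead of loading them (no root or iptables binary needed).

EXTIF="${EXTIF:-eth0}"
ANY="${ANY:-0.0.0.0/0}"
IPT="${IPT:-iptables}"

# Literal translation. ipchains wrote the port range after the address
# ("-d $ANY 0:1023"); iptables needs an explicit --dport. The ipchains
# "-l" (log) flag has no equivalent on an iptables DROP rule, so it
# becomes a separate LOG rule placed just before the DROP.
literal_rules() {
    for proto in udp tcp; do
        $IPT -A INPUT -i "$EXTIF" -p "$proto" -d "$ANY" --dport 0:1023 \
            -j LOG --log-prefix "priv-port: "
        $IPT -A INPUT -i "$EXTIF" -p "$proto" -d "$ANY" --dport 0:1023 -j DROP
    done
}

# Stateful replacement. iptables walks a chain top to bottom and stops at
# the first terminating target, so the ACCEPTs for return traffic and for
# offered services must precede the catch-all DROP; a "hole" appended
# after a DROP of NEW is never reached. The DROP is not limited to -p tcp,
# so it covers udp as the original pair of rules did.
stateful_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # one hole per service actually offered on $EXTIF (ssh is the assumed one)
    $IPT -A INPUT -i "$EXTIF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # everything else that is new or untracked: log it, then drop it
    $IPT -A INPUT -i "$EXTIF" -m state --state NEW,INVALID \
        -j LOG --log-prefix "new-drop: "
    $IPT -A INPUT -i "$EXTIF" -m state --state NEW,INVALID -j DROP
}

# Usage: ./fw.sh literal | ./fw.sh stateful   (IPT=echo ./fw.sh stateful previews)
case "${1:-}" in
    literal)  literal_rules ;;
    stateful) stateful_rules ;;
esac
```

Two things to check before loading a ruleset like this on a remote box: the service holes must sit above the NEW,INVALID DROP (and above the default policy's effect), otherwise the first `-A` of the DROP locks you out of ssh; and the catch-all should not carry `-p tcp` if it is meant to replace both the udp and the tcp rule from the original ipchains script.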


