Date: Sun, 25 Mar 2007 16:39:04 -0700
From: Gregory Nowak
To: "Speakup is a screen review system for Linux."
Subject: Re: iptables?
Message-ID: <20070325233903.GB20873@localhost.localdomain>
References: <00bc01c76f2e$1156d2f0$6701a8c0@blanchew2fs98i>
In-Reply-To: <00bc01c76f2e$1156d2f0$6701a8c0@blanchew2fs98i>
X-PGP-Key: http://www.romuald.net.eu.org/pubkey.asc
User-Agent: Mutt/1.5.13 (2006-08-11)
List-Id: "Speakup is a screen review system for Linux."
Reply-To: "Speakup is a screen review system for Linux."

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I see the problem. Basically, you want to use --dport instead of --sport. For example, the way you have it now:

iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT

means that you'd be accepting connections with source ports 20:22. If I understand TCP/IP correctly, that could never happen with those ports; I think they're used only for responding to already initiated connections. So, if what you want to do is to allow connections on ports 20:22 in this example into your box, use --dport.

Greg

On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> Hello list,
> I've got the following iptables set.
>
> iptables -F
> iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
>
> I'm dmzed, and when I run this, it puts everything to filter.
> Any idea what I'm doing wrong?
> Thanks,
> ~~TheCreator~~
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

- -- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGBwgX7s9z/XlyUyARAsCLAJ97NBM9eFYvQtGXAtO205j37fTk1gCfW+HS
ArSXMxhPWyq79WeX8FnJ8y4=
=Em7O
-----END PGP SIGNATURE-----