How can I filter for a range of ports? I have seen people use 1024:32000 when saying from port 1024 to 32000, but tc doesn't accept this? Can somebody tell me how I can do this?

-thanks

On Mon, 14 Apr 2003, Adam Schrader wrote:

> How can I filter for a range of ports? I have seen people use 1024:32000
> when saying from port 1024 to 32000, but tc doesn't accept this? Can
> somebody tell me how I can do this? -thanks

You cannot easily do this, but there is a solution: You can use a mask != 0xffff for ports. Very probably you must use several lines to cover the whole range.

So, as an example, for 1024 -> 1279 (1024 + 256 - 1) you can use:

    match tcp sport 1024 0xff00

For 4096 -> 65535 you can use:

    match tcp sport 4096 0xf000

I think you get the idea.

Or you can just use marking.

---
Catalin(ux) BOIE
catab@deuroconsult.ro

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

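The masking approach from the reply above, worked through as an added example that is not part of the original thread: it splits an inclusive port range into value/mask pairs, where a port matches a pair when `(port & mask) == value`. The function names are hypothetical, and the output is only the `<value> <mask>` arguments, to be placed in the match form the reply uses.

```python
# Added example (not from the thread): split an inclusive port range into
# value/mask pairs, where a port p matches a pair when (p & mask) == value.
PORT_BITS = 16
PORT_MAX = (1 << PORT_BITS) - 1


def range_to_masks(lo, hi):
    """Return prefix-style (value, mask) pairs that cover exactly lo..hi."""
    if not (0 <= lo <= hi <= PORT_MAX):
        raise ValueError(f"invalid port range {lo}:{hi}")
    pairs = []
    while lo <= hi:
        # Largest power-of-two block that can start at lo: its lowest set bit
        # (a block starting at 0 may span the whole 16-bit space).
        size = lo & -lo if lo else 1 << PORT_BITS
        # Shrink the block until it no longer runs past hi.
        while lo + size - 1 > hi:
            size >>= 1
        pairs.append((lo, PORT_MAX & ~(size - 1)))
        lo += size
    return pairs


def covered_ports(pairs):
    """Brute-force check: every port that at least one pair matches."""
    return {p for p in range(PORT_MAX + 1)
            if any((p & mask) == value for value, mask in pairs)}


def format_pairs(pairs):
    """Render pairs as '<value> 0x<mask>', the argument form used in the reply."""
    return [f"{value} 0x{mask:04x}" for value, mask in pairs]


if __name__ == "__main__":
    # The 1024:32000 range from the original question.
    pairs = range_to_masks(1024, 32000)
    assert covered_ports(pairs) == set(range(1024, 32001))
    for line in format_pairs(pairs):
        print(line)
```

Each pair becomes one match line, so a range such as 1024:32000 needs ten of them; checking the result with `covered_ports` before loading the filters catches a mask that matches more or fewer ports than intended.
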
>> "AS" == Adam Schrader <schrader2k2@yahoo.com> writes:

AS> How can I filter for a range of ports? I have seen people use
AS> 1024:32000 when saying from port 1024 to 32000, but tc doesn't
AS> accept this? Can somebody tell me how I can do this? -thanks

    iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT

Should do what you want. iptables is very limited in defining ranges, multiple hosts and similar ranges compared to ipfw2. I hope this will change sometime in the future since it would highly simplify the definitions of large rulesets.

/ahnberg.

On Wednesday 16 April 2003 13:14, Mattias Ahnberg wrote:

> >> "AS" == Adam Schrader <schrader2k2@yahoo.com> writes:
>
> AS> How can I filter for a range of ports? I have seen people use
> AS> 1024:32000 when saying from port 1024 to 32000, but tc doesn't
> AS> accept this? Can somebody tell me how I can do this? -thanks
>
> iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
>
> Should do what you want. iptables is very limited in defining ranges,
> multiple hosts and similar ranges compared to ipfw2. I hope this will
> change sometime in the future since it would highly simplify the
> definitions of large rulesets.

There is an iptables patch to do this:
http://www.netfilter.org/documentation/pomlist/pom-base.html#mport

Example:

    iptables -A FORWARD -p tcp -m mport --ports 23:42,65

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net