|
osdir.com mailing list archive |
|
Subject: Re: mport trouble - msg#00008List: debian.devel.firewallHash: SHA1 Bastian Blank wrote: > On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote: > > Get a name. > > >>Ok, that makes perfect sense. We haven't told it which port, but at >>least our installation supports mport. >> >>$ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT >>iptables: No chain/target/match by that name >>$ > > > Where did you found the information that mport supports --dports? The > iptables manpage specifies --destination-ports since many years. > > Bastian > Same message. Plus, out of the manpage (sorry for wrapping) mport This module matches a set of source or destination ports. Up to 15 ports can be specified. It can only be used in conjunction with -p tcp or -p udp. --source-ports port[,port[,port...]] Match if the source port is one of the given ports. The flag --sports is a convenient alias for this option. --destination-ports port[,port[,port...]] Match if the destination port is one of the given ports. The flag --dports is a convenient alias for this option. --ports port[,port[,port...]] Match if the both the source and destination ports are equal to each other and to one of the given ports. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFC8b8KV63eDkW7v4cRApC5AJ0f1ZWgieMRi5j8INMeLbdeumDjTQCeJiuD Zvq9ejnKSAA1rwx4oWP3OlA= =2QfH -----END PGP SIGNATURE----- Thread at a glance:
Previous Message by Date: click to view message previewRe: mport troubleOn Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote: Get a name. > Ok, that makes perfect sense. We haven't told it which port, but at > least our installation supports mport. > > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT > iptables: No chain/target/match by that name > $ Where did you found the information that mport supports --dports? The iptables manpage specifies --destination-ports since many years. Bastian -- Without facts, the decision cannot be made logically. You must rely on your human intuition. -- Spock, "Assignment: Earth", stardate unknown signature.asc Description: Digital signature Next Message by Date: click to view message previewRe: mport troubleOn 8/4/05, Bastian Blank <waldi@xxxxxxxxxx> wrote: > On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote: > > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT > > iptables: No chain/target/match by that name > > $ > > Where did you found the information that mport supports --dports? The > iptables manpage specifies --destination-ports since many years. The manpage only talks about multiport, not mport. I wish to use mport to specify ranges. I got the information from the following: $ iptables -m mport --help iptables v1.2.11 [snip] mport v1.2.11 options: --source-ports port[,port:port,port...] --sports ... match source port(s) --destination-ports port[,port:port,port...] --dports ... match destination port(s) --ports port[,port:port,port] match both source and destination port(s) $ Also, by the way: $ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j ACCEPT iptables: No chain/target/match by that name $ It seems mport isn't even supported, but then I'd expect the following to result in the same error: $ iptables -A FORWARD -p tcp -m mport iptables v1.2.11: mport expects an option Try `iptables -h' or 'iptables --help' for more information. $ iptables -A FORWARD -p tcp -m nosuchmatchiniptables iptables v1.2.11: Couldn't load match `nosuchmatchiniptables':/lib/iptables/libipt_nosuchmatchiniptables.so: cannot open shared object file: No such file or directory Try `iptables -h' or 'iptables --help' for more information. $ Previous Message by Thread: click to view message previewRe: mport troubleOn Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote: Get a name. > Ok, that makes perfect sense. We haven't told it which port, but at > least our installation supports mport. > > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT > iptables: No chain/target/match by that name > $ Where did you found the information that mport supports --dports? The iptables manpage specifies --destination-ports since many years. Bastian -- Without facts, the decision cannot be made logically. You must rely on your human intuition. -- Spock, "Assignment: Earth", stardate unknown signature.asc Description: Digital signature Next Message by Thread: click to view message previewRe: mport troubleOn 8/4/05, Bastian Blank <waldi@xxxxxxxxxx> wrote: > On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote: > > $ iptables -A FORWARD -p tcp -m mport --dports 22 -j ACCEPT > > iptables: No chain/target/match by that name > > $ > > Where did you found the information that mport supports --dports? The > iptables manpage specifies --destination-ports since many years. The manpage only talks about multiport, not mport. I wish to use mport to specify ranges. I got the information from the following: $ iptables -m mport --help iptables v1.2.11 [snip] mport v1.2.11 options: --source-ports port[,port:port,port...] --sports ... match source port(s) --destination-ports port[,port:port,port...] --dports ... match destination port(s) --ports port[,port:port,port] match both source and destination port(s) $ Also, by the way: $ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j ACCEPT iptables: No chain/target/match by that name $ It seems mport isn't even supported, but then I'd expect the following to result in the same error: $ iptables -A FORWARD -p tcp -m mport iptables v1.2.11: mport expects an option Try `iptables -h' or 'iptables --help' for more information. $ iptables -A FORWARD -p tcp -m nosuchmatchiniptables iptables v1.2.11: Couldn't load match `nosuchmatchiniptables':/lib/iptables/libipt_nosuchmatchiniptables.so: cannot open shared object file: No such file or directory Try `iptables -h' or 'iptables --help' for more information. $ Loading Comments...
|
|
