iptables syntax question: multiple protocols


Post by David Klawit » Sat, 28 Jun 2003 23:08:42



Greetings,

I'm not seeing in practice what I read in a book.  I am trying to
consolidate a couple of lines of code, but they don't register.

Here is working code:

$IPT -N P2P_DROP
$IPT -A P2P_DROP -j LOG --log-prefix "IPT P2P_SHARING: " $LOGOPT
$IPT -A P2P_DROP -j DROP

$IPT -N P2P_SHARING
$IPT -A P2P_SHARING -p tcp --dport 1214 -j P2P_DROP       # Kazaa
$IPT -A P2P_SHARING -p udp --dport 1214 -j P2P_DROP       # Kazaa
$IPT -A P2P_SHARING -p tcp --dport 6346:6347 -j P2P_DROP  # Gnutella
$IPT -A P2P_SHARING -p udp --dport 6346:6347 -j P2P_DROP  # Gnutella

and it produces the following results:

Chain P2P_DROP (4 references)
target     prot opt source               destination        
LOG        all  --  anywhere             anywhere     <limit: ...>
DROP       all  --  anywhere             anywhere          

Chain P2P_SHARING (1 references)
target     prot opt source               destination        
P2P_DROP   tcp  --  anywhere             anywhere           tcp dpt:1214
P2P_DROP   udp  --  anywhere             anywhere           udp dpt:1214
P2P_DROP   tcp  --  anywhere             anywhere           tcp dpts:6346:6347
P2P_DROP   udp  --  anywhere             anywhere           udp dpts:6346:6347

- - - - - -  -

Here is what I thought I should be able to do:

$IPT -N P2P_DROP
$IPT -A P2P_DROP -j LOG --log-prefix "IPT P2P_SHARING: " $LOGOPT
$IPT -A P2P_DROP -j DROP

$IPT -N P2P_SHARING
$IPT -A P2P_SHARING -p tcp,udp --dport 1214 -j P2P_DROP       # Kazaa
$IPT -A P2P_SHARING -p tcp,upd --dport 6346:6347 -j P2P_DROP  # Gnutella

and here are the results I get:

Chain P2P_DROP (0 references)
target     prot opt source               destination        
LOG        all  --  anywhere             anywhere     <limit: ...>
DROP       all  --  anywhere             anywhere          

Chain P2P_SHARING (1 references)
target     prot opt source               destination        

- - - -

So, why is it that trying to specify multiple protocols causes the
code to fail?
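
Added example, not part of the original post: the -p option of iptables takes one protocol per rule, so a list such as "tcp,udp" has to be expanded into one rule per protocol. The hypothetical helper add_per_proto below does that and checks every name first, so a misspelling like "upd" aborts before any rule is added instead of leaving P2P_SHARING empty; the dry-run default for IPT ("echo iptables") and the restriction to tcp and udp are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Dry run by default: prints the commands instead of running them.
# Set IPT=/sbin/iptables (path is an assumption) to apply the rules.
IPT="${IPT:-echo iptables}"

# add_per_proto CHAIN PROTOS DPORT TARGET   (hypothetical helper)
# PROTOS is a comma-separated list such as "tcp,udp". One rule is
# appended per protocol, because -p accepts a single protocol.
add_per_proto() {
    chain=$1 dport=$3 target=$4
    protos=$(printf '%s' "$2" | tr ',' ' ')

    # Pass 1: validate every name before touching the ruleset, so a
    # typo cannot leave the chain half-populated or empty.
    n=0
    for proto in $protos; do
        case $proto in
            tcp|udp) n=$((n + 1)) ;;   # protocols used with --dport here
            *)  echo "add_per_proto: bad protocol '$proto'" >&2
                return 1 ;;
        esac
    done
    [ "$n" -gt 0 ] || { echo "add_per_proto: no protocol given" >&2; return 1; }

    # Pass 2: append the rules, stopping at the first failure so the
    # calling script can refuse to continue with a partial ruleset.
    for proto in $protos; do
        $IPT -A "$chain" -p "$proto" --dport "$dport" -j "$target" || return 1
    done
}

add_per_proto P2P_SHARING tcp,udp 1214      P2P_DROP   # Kazaa
add_per_proto P2P_SHARING tcp,udp 6346:6347 P2P_DROP   # Gnutella
```

In a real firewall script, check the return status of each call (or run under "set -e") so a rejected rule stops the script rather than passing silently.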

 
 
 
