topic Re: ports in Operating System - Linux

ports

RobertClark — Wed, 04 Jul 2007 03:12:08 GMT

How can i add rule for dynamic ports in iptables , am not sure of the the ports used by services.

Re: ports

Steven E. Protter — Wed, 04 Jul 2007 03:17:12 GMT

Shalom,

iptables -A INPUT -s -p tcp --dport 25 -j DROP

example

iptables -A INPUT -s 192.168.0.10 -p tcp --dport 25 -j DROP

This drops port 25 (smtp) traffic for host 192.168.0.10

Once you are happy with the rules.

service iptables save

Makes them permanent in /etc/sysconfig/iptables

You'd better get a handle on what ports you need open before doing this.

netstat -an | grep LISTEN

Just because the service is listening however does not mean you want to authorize it.

SEP

Re: ports

RobertClark — Wed, 04 Jul 2007 03:50:38 GMT

Thanks !

actually i have to open port, my services use call back routine , which picks up any port

if i use this rule , is it safe , or is there any better way of doing it.

$IPTABLES -A INPUT -p tcp --dport 1024:65535 -j ACCEPT

Re: ports

RobertClark — Thu, 05 Jul 2007 03:34:03 GMT

Hi
Can somebody suggest me how to add entry in iptables to accept connection for all the ports

Please tell me if u need more information

regards
Robert

Re: ports

skt_skt — Fri, 06 Jul 2007 12:46:29 GMT

replace ip range with 0.0.0.0

Re: ports

Heironimus — Fri, 06 Jul 2007 16:59:03 GMT

If you want to allow unrestricted access from a specific host you don't specify a port. Something like "iptables -A INPUT -s 192.168.1.2 -j ACCEPT".

If you want to allow access from any host to any port turn off iptables because you're trying not to use it.

If you have an application that requires random ports from an uncontrolled range you will not be able to run it through a normal firewall and you should talk to your vendor about it.