On Sun, Aug 05, 2001 at 09:57:29PM -0700, Steve Jardine wrote:
> I find myself in need of using ipchains to block a whole section of ports. Let's
> say, 61000 to 61300. Can anyone offer up a chain script that could accomplish
> this task?
> 
> Thanks...

You would find ipchains much easier to use if you:

    ipchains-save > ipchains_file
    vi ipchains_file        (and make the edits)
    ipchains -F; cat ipchains_file | ipchains-restore -f

Examination of the ipchains_file will make it clear what sort of edits you
must do to get what you want. It is quite easy.
For example, the line below blocks all input to ports 6000:6002 using
protocol 6 and on my eth1 card. It logs attempts on those ports.
cat /etc/protocols to see which protocol numbers to use. 6 is tcp, the only
other to worry about is udp.

-A input -s 0.0.0.0/0.0.0.0 -d 24.182.146.18/255.255.255.255 6000:6002 -i eth1 -p 6 -j DENY -l

Don't worry about syntax mistakes. ipchains-restore will catch them.

Joel

_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users
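
An added example, not part of the original message: a shell function that emits rule lines for the 61000:61300 range from the question, in the same ipchains-save layout as the rule quoted in the reply, one line for tcp (6) and one for udp (17). The function names, the destination 192.0.2.10 and the eth1 interface in the sample call are assumptions; nothing here runs ipchains itself.

```shell
#!/bin/sh
# Added example: build DENY rules in ipchains-save format for a port range.
# The output is plain text meant to be appended to ipchains_file.

# valid_port N: succeed only if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# deny_range DEST IFACE LOW HIGH
# Prints one logged DENY rule per protocol (6 = tcp, 17 = udp), mirroring
# the layout of the rule shown in the reply. DEST is a single host address.
deny_range() {
    dest=$1 iface=$2 low=$3 high=$4
    if ! valid_port "$low" || ! valid_port "$high"; then
        echo "deny_range: ports must be integers in 1-65535" >&2
        return 1
    fi
    # A reversed range would not express the intended block; reject it here
    # instead of writing it into the rules file.
    if [ "$low" -gt "$high" ]; then
        echo "deny_range: low port exceeds high port" >&2
        return 1
    fi
    for proto in 6 17; do
        printf '%s\n' "-A input -s 0.0.0.0/0.0.0.0 -d $dest/255.255.255.255 $low:$high -i $iface -p $proto -j DENY -l"
    done
}

# Sample call with constructed values (192.0.2.10 is a documentation address).
deny_range 192.0.2.10 eth1 61000 61300
```

Redirect the output with >> ipchains_file, then reload with the ipchains-restore command from the reply.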
