Re: iptables: -p all AND --dport xx (is it possible)

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: iptables: -p all AND --dport xx (is it possible)
From: David Becker <dbecker@xxxxxxxxx>
Date: Wed, 27 Apr 2005 21:58:35 +0200
In-reply-to: <Pine.GSO.4.58.0504252010140.27444@phys-esu0>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <Pine.GSO.4.58.0504252010140.27444@phys-esu0>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.2-1.3.2 (X11/20050324)

Alan :) wrote:

The following rule can't be applied

iptables -A INPUT -p all --dport 80 -j DROP

the above fails stating that --dport is not recognized.

I'm trying to drop all traffic to port 80. If I provide a specific protocol it works. For example: iptables -A INPUT -p tcp --dport 80 -j DROP

any ideas?

Maybe because using port numbers doesn't make sense for icmp packets, which is included in the rule when using -p all?

Looks like you have to specify two rules, one for tcp and one for udp.

David


-- Alan Angulo
Systems Administrator
Academic Computing
East Stroudsburg University
e-mail: alan@xxxxxxx
Tel: (570) 422-3783

References:
- iptables: -p all AND --dport xx (is it possible)
  - From: Alan :)