On Fri, 22 Oct 2004 11:11:50 +0900
Joel <rees@xxxxxxxxxxx> wrote

> Can it be done?

Okay, as usually happens when I get worn out and throw a question to the list, I went back and did another search, and found several pages that indicate the GUI tool cannot do ranges, and it overwrites any changes we make by hand, so we don't want to use the GUI gadget once we get into details like port ranges.

> If not, what do most people do when opening the netBIOS ports for samba
> (those who use samba, that is)? I assume, even though it only buys a
> speedbump, most people only open the netBIOS ports to the local net.

So the answer would seem to be hand editing --

> Manual editing of /etc/sysconfig/iptables (in spite of
> system-config-securitylevel warning away from that)?
>
> Incidentally, when adding rules from the shell, I seem to have noticed
> that you can't specify multiple protocols and multiple ports in the same
> line like
>
> iptables -A INPUT -p ALL -i eth0 -s 10.5.0.0/22 --destination-port
> 137:139 -j ACCEPT
>
> Seems that -p All and --destination-port start:end conflict with each
> other. Am I imagining things?

Thanks for listening.

--
Joel <rees@xxxxxxxxxxx>
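
Added example, not part of the original message: iptables only accepts a port match after a specific protocol such as `-p tcp` or `-p udp`, so the single `-p ALL` rule has to become one rule per protocol. The sketch below prints those rules in the iptables-restore syntax used by /etc/sysconfig/iptables; the function names are hypothetical, and the interface, source network, port range and `INPUT` chain are taken from the command in the post.

```shell
#!/bin/sh
# Added example: emit one rule per protocol for a source-restricted port range.
# --destination-port (--dport) comes from the tcp/udp match extensions, which
# are only available once -p names that protocol; -p ALL loads neither.

# valid_ports: accept "N" or "N:M" with 1 <= N <= M <= 65535.
valid_ports() {
    case $1 in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# netbios_rules IFACE SOURCE PORTS
# Prints two "-A INPUT ..." lines (udp and tcp) limited to SOURCE on IFACE.
netbios_rules() {
    iface=$1
    src=$2
    ports=$3
    if ! valid_ports "$ports"; then
        echo "bad port or port range: $ports" >&2
        return 1
    fi
    for proto in udp tcp; do
        printf '%s\n' "-A INPUT -i $iface -s $src -p $proto -m $proto --dport $ports -j ACCEPT"
    done
}

# Values from the post: eth0, 10.5.0.0/22, ports 137:139.
netbios_rules eth0 10.5.0.0/22 137:139
```

The printed lines can be pasted into the `*filter` section of /etc/sysconfig/iptables above its `COMMIT` line, or run from the shell by prefixing each with `iptables`.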