[Firehol-support] Block p2p
Costa Tsaousis
costa at tsaousis.gr
Fri Nov 9 00:41:01 GMT 2007
seekuel wrote:
>
> route tcp/46501 accept
> route tcp/47000 accept
> route tcp/2812 accept
These are wrong.
Check the docs: http://firehol.sourceforge.net/adding.html
Template:
    server/client/route custom myservice proto/sports cports accept
Where:
  - myservice is the name of the service,
  - proto is either tcp, udp, icmp - or whatever else iptables
    accepts as protocol, including numeric representations of protocols
  - sports is the port number (or port name or port range) the
    server is listening at. To specify port ranges use the iptables
    syntax: i.e. 1000:1010 will match all ports from 1000 to 1010
    inclusive.
    The special keyword any will match any server port.
  - cports is the port (or port name or port range or space
    separated list of ports) clients might use to connect to the
    server. There are two keywords that can be used for cports:
      - any is a keyword that matches any client port.
      - default is a keyword that matches the default client ports
        and it resolves to:
          - if it is used for a localhost client (i.e. client
            within an interface), it resolves to a list of
            ports as set by the Linux kernel and controlled by the
            sysctl variable net.ipv4.ip_local_port_range (or
            /proc/sys/net/ipv4/ip_local_port_range),
          - if it is used for a client running at remote host
            (i.e. server within an interface or any kind within
            a router), it resolves to the contents of the FireHOL
            variable DEFAULT_CLIENT_PORTS.
Example:
route custom p1 tcp/46501 any accept
Costa
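As an added example (not FireHOL's own code and not part of the original thread), the following Python checker parses the custom service syntax quoted above and rejects lines shaped like the ones seekuel posted. The values it substitutes for the kernel's ip_local_port_range and for FireHOL's DEFAULT_CLIENT_PORTS are constructed placeholders, and the action list is assumed to be just accept, reject and drop; a real checker would read the sysctl and the FireHOL variable instead.

```python
import socket

# Constructed placeholder values for the two things "default" resolves to.
# A real checker would read /proc/sys/net/ipv4/ip_local_port_range and the
# FireHOL variable DEFAULT_CLIENT_PORTS; these numbers are not from the page.
LOCAL_PORT_RANGE = (32768, 61000)        # stand-in for net.ipv4.ip_local_port_range
DEFAULT_CLIENT_PORTS = [(1024, 65535)]   # stand-in for FireHOL's DEFAULT_CLIENT_PORTS

VERBS = {"server", "client", "route"}
ACTIONS = {"accept", "reject", "drop"}   # assumed subset of FireHOL actions


def parse_port(token, proto):
    """Turn one port token into an inclusive (low, high) tuple.

    Accepts a number, a service name from /etc/services, or the iptables
    range syntax low:high (e.g. 1000:1010). Raises ValueError otherwise.
    """
    def one(p):
        if p.isdigit():
            n = int(p)
        else:
            try:
                n = socket.getservbyname(p, proto)
            except OSError:
                raise ValueError("unknown port name %r" % p)
        if not 0 < n <= 65535:
            raise ValueError("port %d out of range" % n)
        return n

    if ":" in token:
        lo, hi = token.split(":", 1)
        lo, hi = one(lo), one(hi)
        if lo > hi:
            raise ValueError("inverted range %s" % token)
        return (lo, hi)
    n = one(token)
    return (n, n)


def resolve_cports(tokens, proto, remote_client):
    """Resolve the cports field: a port list, or the keywords any / default."""
    if tokens == ["any"]:
        return "any"
    if tokens == ["default"]:
        # local client: kernel ephemeral range; remote client: DEFAULT_CLIENT_PORTS
        return list(DEFAULT_CLIENT_PORTS) if remote_client else [LOCAL_PORT_RANGE]
    return [parse_port(t, proto) for t in tokens]


def parse_custom(line, remote_client=True):
    """Parse '<server|client|route> custom NAME PROTO/SPORTS CPORTS... ACTION'.

    Returns a dict of the parsed fields, or raises ValueError explaining
    what is missing. remote_client selects how 'default' is resolved.
    """
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] not in VERBS or tokens[1] != "custom":
        raise ValueError(
            "expected '<server|client|route> custom NAME PROTO/SPORTS CPORTS ACTION', got %r"
            % line)
    verb, _, name, proto_sports = tokens[:4]
    action = tokens[-1]
    cports = tokens[4:-1]
    if action not in ACTIONS:
        raise ValueError("unknown action %r" % action)
    if "/" not in proto_sports:
        raise ValueError("server side must be PROTO/SPORTS, got %r" % proto_sports)
    proto, sports = proto_sports.split("/", 1)
    if not cports:
        raise ValueError("cports is required (use 'any' or 'default' if unsure)")
    return {
        "verb": verb,
        "service": name,
        "proto": proto,
        "sports": "any" if sports == "any" else parse_port(sports, proto),
        "cports": resolve_cports(cports, proto, remote_client),
        "action": action,
    }


def is_valid(line, remote_client=True):
    """True if the line is a well-formed custom service rule."""
    try:
        parse_custom(line, remote_client)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The first line is the shape seekuel posted; the second is Costa's corrected form.
    for line in ["route tcp/46501 accept", "route custom p1 tcp/46501 any accept"]:
        try:
            print(line, "->", parse_custom(line))
        except ValueError as err:
            print(line, "-> REJECTED:", err)
```

Running it shows the three-token form rejected for lacking the custom keyword, a service name and the cports field, while the six-token form parses to a single server port 46501 with any client port. The remote_client flag exists only because the docs say default means different things on the two sides of a router.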