[Firehol-support] Block p2p

Costa Tsaousis costa at tsaousis.gr
Fri Nov 9 00:41:01 GMT 2007

seekuel wrote:
>         route tcp/46501 accept
>         route tcp/47000 accept
>         route tcp/2812 accept
These are wrong.

Check the docs: http://firehol.sourceforge.net/adding.html


*server/client/route custom myservice proto/sports cports accept


    * *myservice* is the name of the service,
    * *proto* is either *tcp*, *udp*, *icmp* - or whatever else iptables
      accepts as protocol, including numeric representations of protocols
    * *sports* is the port number (or port name or port range) the
      server is listening at. To specify port ranges use the iptables
      syntax: i.e. 1000:1010 will match all ports from 1000 to 1010
      The special keyword *any* will match any server port.
    * *cports* is the port (or port name or port range or space
      separated list of ports) clients might use to connect to the
      server. There are two keywords that can be used for *cports*:
          o *any* is a keyword that matches any client port.
          o *default* is a keyword that matches the default client ports
            and it resolves to:
                + if it is used for a localhost client (i.e. client
                  <commands.html#client> within an interface
                  <commands.html#interface>), it resolves to a list of
                  ports as set by the Linux kernel and controlled by the
                  *sysctl* variable *net.ipv4.ip_local_port_range* (or
                + if it is used for a client running at remote host
                  (i.e. server <commands.html#server> within an
                  interface <commands.html#interface> or any kind within
                  a router <commands.html#router>), it resolves to the
                  contents of the FireHOL variable DEFAULT_CLIENT_PORTS


route custom p1 tcp/46501 any accept



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20071109/c2c073db/attachment-0003.html>

More information about the Firehol-support mailing list