Re: iptables in el4u3 (was Re: ypserv broken(?) in rhel4u3)
- From: Aleksandar Milivojevic <alex milivojevic org>
- To: nahant-list redhat com
- Subject: Re: iptables in el4u3 (was Re: ypserv broken(?) in rhel4u3)
- Date: Thu, 09 Mar 2006 15:54:05 -0600
Quoting Daryl Herzmann <akrherz iastate edu>:

> With the generous help of a colleague, we were able to get the
> firewall working again by adding a '-p tcp' to the entry. So this
> now works:
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 834 -j ACCEPT
>
> I am not sure what causes this difference. Perhaps others here can
> enlighten me for I am a mere iptables mortal. :)

The -m tcp option just specifies the module to use. Without the -p option,
all IP protocols will match the above line (udp, tcp, icmp, ah, esp, gre,
just to mention a few). Many of them do not use ports, so attempting to
use --dport with them is illegal. Hence you get an error. You can use the
--dport option only for TCP and UDP packets, therefore you must have -p
tcp or -p udp so that your rule matches only TCP or UDP packets.

As a side note, if you use -p tcp, you can omit -m tcp. It is implied.
--
See Ya' later, alligator!
http://www.8-P.ca/
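
An added example, not part of the original message: a small pre-load check that scans a rules file in iptables-save format and reports every rule that uses a port match without being pinned to TCP or UDP, which is the condition explained above. The function names and the sample rules are constructed for illustration.

```python
import shlex

# Protocols with --sport/--dport matches. The message names TCP and UDP;
# 6 and 17 are their numeric forms, which -p also accepts.
PORT_PROTOCOLS = {"tcp", "udp", "6", "17"}
PORT_OPTIONS = {"--dport", "--sport", "--destination-port", "--source-port"}

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp --dport 834 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 834 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 834 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ! tcp --dport 834 -j ACCEPT
COMMIT
"""

def rule_protocol(tokens):
    """Return the protocol the rule is pinned to, or None if absent or negated."""
    for i, tok in enumerate(tokens):
        if tok in ("-p", "--protocol") and i + 1 < len(tokens):
            # Both "-p ! tcp" and "! -p tcp" mean "anything except tcp".
            if tokens[i + 1] == "!" or (i > 0 and tokens[i - 1] == "!"):
                return None
            return tokens[i + 1].lower()
    return None

def check_rules(text):
    """Return (line_number, rule, reason) for port matches lacking -p tcp/udp."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith(("-A ", "-I ")):
            continue  # table names, chain policies, COMMIT, comments
        tokens = shlex.split(line)
        used = [t for t in tokens if t in PORT_OPTIONS]
        if used and rule_protocol(tokens) not in PORT_PROTOCOLS:
            reason = f"{used[0]} used without -p tcp or -p udp"
            findings.append((lineno, line, reason))
    return findings

if __name__ == "__main__":
    for lineno, rule, reason in check_rules(SAMPLE):
        print(f"line {lineno}: {reason}\n    {rule}")
```

Running the check before the firewall service is restarted catches such a rule without touching the live ruleset.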