Why can't I block all protocols on a certain port?


asden
10-12-2002, 12:29 PM
I'm trying to configure my filter table, but when I issue the command:

iptables -t filter -A INPUT -i ppp0 -s 0/0 -p all --destination-port 0:1023 -j DROP

I get the error message:

iptables v1.2.5: Unknown arg '--destination-port'

But when I issue the command:

iptables -t filter -A INPUT -i ppp0 -s 0/0 -p tcp --destination-port 0:1023 -j DROP

The command is accepted and does its job?

The only difference between the two commands is [-p all] and [-p tcp]... why can't I block all protocols incoming on these ports?

baldguy
10-12-2002, 02:35 PM
Why do you have the protocol flag (-p) if you don't want to specify a protocol?

asden
10-12-2002, 02:46 PM
I want to specify ALL protocols... I understand that not specifying any protocol causes the option to default to "all", but if I leave the protocol flag off completely, I get the same error:

iptables -t filter -A INPUT -i ppp0 -s 0/0 --destination-port 0:1023 -j DROP
"iptables v1.2.5: Unknown arg '--destination-port' "

baldguy
10-12-2002, 02:55 PM
Doh, ports are only available in tcp and udp. So if you don't specify
-p tcp or -p udp
then
--dport or --destination-port
won't be available
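
The point of the last reply, as an added example that is not part of the original thread: a POSIX shell helper that checks whether a rule using a port match names tcp or udp, and expands "all protocols on ports 0:1023" into one rule per port-carrying protocol. The function names `rule_ok` and `drop_port_range` are hypothetical, and the script only prints the rules instead of running iptables.

```shell
#!/bin/sh
# Added example; rule_ok and drop_port_range are hypothetical helper names.
# Following the reply above, only tcp and udp are treated as having ports.

# rule_ok ARGS...: succeed unless the rule uses a port match without
# naming tcp or udp via -p/--protocol.
rule_ok() {
    rk_proto=""
    rk_ports=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--protocol)
                rk_proto="${2:-}"
                if [ $# -gt 1 ]; then shift; fi ;;
            --dport|--destination-port|--sport|--source-port)
                rk_ports=1 ;;
        esac
        shift
    done
    if [ "$rk_ports" -eq 0 ]; then return 0; fi
    case "$rk_proto" in
        tcp|udp) return 0 ;;
        *) return 1 ;;
    esac
}

# drop_port_range IFACE RANGE: print (do not run) one DROP rule per
# port-carrying protocol, which is how "all protocols on these ports"
# has to be written.
drop_port_range() {
    dp_iface="$1"
    dp_range="$2"
    for dp_proto in tcp udp; do
        set -- iptables -t filter -A INPUT -i "$dp_iface" -s 0/0 \
            -p "$dp_proto" --destination-port "$dp_range" -j DROP
        rule_ok "$@" || return 1
        echo "$*"
    done
}

# The range from the thread, expanded to its tcp and udp rules.
drop_port_range ppp0 0:1023
```

Traffic for protocols that have no port numbers, such as ICMP, is not matched by either printed rule and needs its own rule without a port option.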