[ubuntu] UFW: how to manage a port range?
frederictoulouse
April 28th, 2008, 11:32 AM
Hi,
I would like to apply a rule to more than one port at a time with UFW.
For example, to open the ports from 1000 to 2000 for a computer.
I tried the following syntax:
ufw allow proto tcp from 192.168.3.5 to any port 1000-2000
but 1000-2000 is not a valid port, as well as 1000:2000, 1000,2000, 1000;2000, etc.
I can't find the syntax in the documentation.
Thanks for your help
RRFarFar
May 13th, 2008, 12:26 AM
Have you found an answer??? I am looking for the same))
pedalwrench
May 14th, 2008, 02:59 PM
I'm looking for the same answer
frederictoulouse
May 20th, 2008, 10:52 AM
No, I did not find the answer. I suppose that UFW is too limited to manage a port range.
ELMIT
June 27th, 2008, 11:23 PM
Have you found the answer at:
https://wiki.ubuntu.com/UbuntuFirewall
Here the syntax is written as:
ufw allow|deny [proto <protocol>] [from <address> [port <port>]] [to <address> [port <port>]]
Instead of:
ufw allow proto tcp from 192.168.3.5 to any port 1000-2000
I would try this:
ufw allow proto tcp from 192.168.3.5 port 1000 to 192.168.3.5 port 2000
beazer
July 20th, 2008, 06:02 AM
The ufw rule
ufw allow proto tcp from 192.168.3.5 port 1000 to 192.168.3.5 port 2000
will only allow 192.168.3.5 port tcp/2000 to accept traffic from 192.168.3.5 port tcp/1000.
You could try something like
-A ufw-before-input -p udp -m udp --dport 1000:2000 -j ACCEPT
in /etc/ufw/before.rules
You will probably need a better rule than this example - this will open up every udp port between 1000 and 2000 to everyone!
Looks like port range support is being worked on at the moment, but it is not working in my Ubuntu Hardy yet:
http://bazaar.launchpad.net/~jdstrand/ufw/trunk/revision/185
Brazen
September 1st, 2008, 03:04 PM
My current solution has been to do this:
for i in $(seq 1000 2000); do
    ufw allow "$i"
done
realizing that this will put a thousand rules into your ufw config, but at least it gets the job done.
rogeriopvl
September 1st, 2008, 03:17 PM
Gufw version 0.20.0 allows you to insert a port range (ufw will too). It hasn't been released yet. That is, if you prefer to configure ufw in a GUI.
http://gufw.tuxfamily.org
Thingymebob
September 19th, 2008, 11:17 AM
A deb is available for the above, though. Makes ufw even easier than it already is. Thanks
guywithcable
July 20th, 2009, 04:37 PM
This works in 9.04
ufw allow proto tcp to any port 1000:2000
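Added example (not part of the thread and not any poster's code): a small shell helper that builds the source-restricted range rule the original question asked for, using the colon syntax reported above to work in 9.04. The function names valid_port and ufw_range_rule are hypothetical; the helper only prints the command, it does not run ufw.

```shell
#!/bin/sh
# Added example. valid_port and ufw_range_rule are hypothetical helper names.
# ufw needs tcp or udp named explicitly when a port range is given, and the
# range separator is a colon (1000:2000), not a dash.

# Return 0 if $1 is a whole number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: ufw_range_rule PROTO SOURCE LOW HIGH
# Prints one ufw rule covering the whole range for one source address.
# Deliberately refuses "any" as the source so the range is never opened
# to everyone by accident.
ufw_range_rule() {
    proto=$1 src=$2 low=$3 high=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp for a port range" >&2; return 1 ;;
    esac
    case "$src" in
        ''|*[!0-9A-Fa-f.:/]*)
            echo "source must be an IP address or CIDR block" >&2; return 1 ;;
    esac
    valid_port "$low" && valid_port "$high" || {
        echo "ports must be numbers in 1-65535" >&2; return 1; }
    [ "$low" -le "$high" ] || {
        echo "low port is above high port" >&2; return 1; }
    echo "ufw allow proto $proto from $src to any port $low:$high"
}

# Constructed sample input: the address and range from the first post.
ufw_range_rule tcp 192.168.3.5 1000 2000
# prints: ufw allow proto tcp from 192.168.3.5 to any port 1000:2000
```

The printed rule can be checked with ufw --dry-run before it is applied for real.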
lensman3
July 21st, 2009, 12:18 AM
Looks like UFW uses iptables so the syntax should be the same as IPTABLES. A range is 6000:6063 for X11. In IPTABLES the range has to be prefixed by source ports and/or destination ports.
You also can control the TCP/UDP port range used by the kernel with
## Local port range for TCP/UDP connections
if [ -e /proc/sys/net/ipv4/ip_local_port_range ]; then
    # printf expands \t in any POSIX shell; echo -e is not portable
    printf '1024\t63000\n' > /proc/sys/net/ipv4/ip_local_port_range
fi
In this case, I start with 1024 and go to port 63000. \t is a tab. Unfortunately, I don't remember if this is the range that "NAT" uses or not.