Thread: iptables port range

  1. #1
    Join Date
    Aug 2011
    Beans
    109
    Distro
    Ubuntu 14.04 Trusty Tahr

    iptables port range

    How is the port range defined in iptables? Let's say I use the following command: will ports 1024-1050 be open, or will it be 1024-1049?
    Code:
    iptables --dport 1024:1050 

  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,509
    Distro
    Ubuntu Development Release

    Re: iptables port range

    The port range is inclusive, so in your example it would apply to ports 1024-1050.
    However, I think your example is incomplete (I didn't actually try it), and unlikely to work. Here is an example (which, also, I didn't actually try) to block UDP for ports 1024 thru 1028:
    Code:
    sudo iptables -A INPUT -p udp -m udp --dport 1026:1028 -j DROP

  3. #3
    Join Date
    Sep 2009
    Location
    Pennsylvania, USA
    Beans
    523
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: iptables port range

    The command to ban a port range is:
    Code:
    sudo iptables -A INPUT -p [protocol] --dport rangestart:rangeend -j DROP
    I would suggest though you do this instead, and use REJECT instead of DROP, using the ports you identified in your original post:
    Code:
    sudo iptables -A INPUT -p [protocol] --dport 1026:1028 -j REJECT --reject-with icmp-port-unreachable
    What this command will do is send a "Port Unreachable" ICMP response, rather than just timing out at the end-user's end.

    Remember to block both protocols, TCP and UDP. (Replace [protocol] in each with tcp and udp, running the command twice: once for TCP, once for UDP.)
    Last edited by teward; June 5th, 2012 at 08:33 PM.
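
Added example (not code from any poster in this thread): POSIX shell helpers that apply the inclusive `first:last` semantics confirmed in post #2 and print the TCP and UDP REJECT rules suggested in post #3 without touching the live ruleset. The function names `parse_range`, `port_in_range` and `reject_rules` are hypothetical, and refusing inverted ranges is this helper's own choice.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Nothing here changes the live ruleset.

# parse_range SPEC: print "first last", or return 1 on bad input.
# iptables-extensions(8): omitted first port = 0, omitted last port = 65535.
parse_range() {
    spec=$1
    case $spec in
        ''|*[!0-9:]*|*:*:*) return 1 ;;            # empty, non-numeric, or two colons
        *:*) first=${spec%%:*}; last=${spec##*:} ;;
        *)   first=$spec; last=$spec ;;            # single port
    esac
    first=${first:-0}
    last=${last:-65535}
    [ "$first" -le 65535 ] && [ "$last" -le 65535 ] || return 1
    [ "$first" -le "$last" ] || return 1           # helper's choice: refuse inverted ranges
    echo "$first $last"
}

# port_in_range SPEC PORT: exit 0 if PORT is matched by SPEC (both ends included).
port_in_range() {
    range=$(parse_range "$1") || return 1
    lo=${range% *}; hi=${range#* }
    [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]
}

# reject_rules SPEC: print one REJECT rule per protocol (dry run, nothing is applied).
reject_rules() {
    range=$(parse_range "$1") || { echo "bad port range: $1" >&2; return 1; }
    lo=${range% *}; hi=${range#* }
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto --dport $lo:$hi -j REJECT --reject-with icmp-port-unreachable"
    done
}

# Constructed demo using the range from the question in post #1.
reject_rules 1024:1050
port_in_range 1024:1050 1050 && echo "1050 is matched"
port_in_range 1024:1050 1051 || echo "1051 is not matched"
```

After reviewing the printed commands and running them with sudo, `sudo iptables -S INPUT` lists the rules that actually ended up in the chain.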
