[ubuntu] UFW : how to manage a port range ?



frederictoulouse
April 28th, 2008, 04:32 PM
Hi,

I would like to apply a rule to more than one port at a time with UFW.
For example, to open the ports from 1000 to 2000 for a computer.
I tried the following syntax:

ufw allow proto tcp from 192.168.3.5 to any port 1000-2000

but 1000-2000 is not a valid port, as well as 1000:2000, 1000,2000, 1000;2000 etc ....
I don't find the syntax in the documentation :confused:

thanks for your help

RRFarFar
May 13th, 2008, 05:26 AM
Have you found an answer??? I am looking for the same))

pedalwrench
May 14th, 2008, 07:59 PM
I'm looking for the same answer

frederictoulouse
May 20th, 2008, 03:52 PM
No, I did not find the answer. I suppose that UFW is too limited to manage a port range [-(

ELMIT
June 28th, 2008, 04:23 AM
Have you found the answer at:

https://wiki.ubuntu.com/UbuntuFirewall

Here the syntax is written as:

ufw allow|deny [proto <protocol>] [from <address> [port <port>]] [to <address> [port <port>]]

Instead of:

ufw allow proto tcp from 192.168.3.5 to any port 1000-2000

I would try this:

ufw allow proto tcp from 192.168.3.5 port 1000 to 192.168.3.5 port 2000

beazer
July 20th, 2008, 11:02 AM
The ufw rule



ufw allow proto tcp from 192.168.3.5 port 1000 to 192.168.3.5 port 2000

will only allow 192.168.3.5 port tcp/2000 to accept traffic from 192.168.3.5 port tcp/1000


You could try something like



-A ufw-before-input -p udp -m udp --dport 1000:2000 -j ACCEPT


in /etc/ufw/before.rules


You will probably need a better rule than this example - this will open up every udp port between 1000 and 2000 to everyone!

Looks like port range support is being worked on at the moment, but it is not working in my Ubuntu Hardy yet:

http://bazaar.launchpad.net/~jdstrand/ufw/trunk/revision/185

Brazen
September 1st, 2008, 08:04 PM
My current solution has been to do this:



for i in `seq 1000 2000`; do
ufw allow $i
done


realizing that this will put a thousand rules into your ufw config, but at least it gets the job done.

rogeriopvl
September 1st, 2008, 08:17 PM
Gufw version 0.20.0 allows you to insert a port range (ufw will too). It hasn't been released yet. That is, if you prefer to configure ufw in a GUI.

http://gufw.tuxfamily.org

Thingymebob
September 19th, 2008, 04:17 PM
A deb is available for the above, though. Makes ufw even easier than it already is. Thanks

guywithcable
July 20th, 2009, 09:37 PM
This works in 9.04

ufw allow proto tcp to any port 1000:2000

lensman3
July 21st, 2009, 05:18 AM
Looks like UFW uses iptables, so the syntax should be the same as IPTABLES. A range is 6000:6063 for X11. In IPTABLES the range has to be prefixed by source ports and/or destination ports.

You also can control the TCP/UDP port range used by the kernel with

## Local port range for TCP/UDP connections
if [ -e /proc/sys/net/ipv4/ip_local_port_range ]; then
echo -e "1024\t63000" > /proc/sys/net/ipv4/ip_local_port_range
fi


In this case, I start with 1024 and go to port 63000. \t is a tab. Unfortunately, I don't remember if this is the range that "NAT" uses or not.

aebas
February 9th, 2010, 10:12 AM
Hi!

First, sorry for my English.

In Hardy you must edit /var/lib/ufw/user.rules and add a rule after the ### RULES ### comment, like this:


*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
### RULES ###

# my own rule. Open tcp range from 55600 to 55799
-A ufw-user-input -p tcp --dport 55600:55799 -j ACCEPT

### tuple ### allow any 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp --dport 80 -j ACCEPT


### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-output -j RETURN
-A ufw-user-forward -j RETURN
COMMIT

tanoloco
April 15th, 2010, 11:22 AM
This syntax, just for example, works with ufw 0.29-4ubuntu1 on karmic


sudo ufw allow proto tcp from any to any port 80,443,8080:8090

See this link for reference:

http://manpages.ubuntu.com/manpages/karmic/man8/ufw.8.html

Cheers
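
Added example, not part of the original thread or of ufw itself: a shell helper that checks a port list in the colon/comma form reported working above and prints a ufw rule restricted to one source address, so a range is not opened to every host. The function names are hypothetical; the 15-port limit (a range counts as 2) and the need for an explicit protocol are taken from the ufw man page, and the source address is passed through unchecked.

```shell
#!/bin/sh
# Hypothetical helper: prints the ufw command, does not run it.

# valid_port N -> success if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ufw_range_cmd PROTO SRC PORTS
#   PORTS is comma-separated; each item is a port or a lo:hi range,
#   e.g. 80,443,8080:8090. Forms such as 1000-2000 are rejected.
ufw_range_cmd() {
    proto=$1 src=$2 ports=$3 slots=0
    # ufw requires tcp or udp when a rule names several ports
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    [ -n "$src" ] || { echo "source address required" >&2; return 1; }
    case "$ports" in
        ''|,*|*,|*,,*) echo "bad port list" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -- $ports          # split the list on commas
    IFS=$old_ifs
    for item in "$@"; do
        case "$item" in
            *:*) lo=${item%%:*}; hi=${item#*:}
                 valid_port "$lo" && valid_port "$hi" && [ "$lo" -lt "$hi" ] ||
                     { echo "bad range: $item" >&2; return 1; }
                 slots=$((slots + 2)) ;;
            *)   valid_port "$item" ||
                     { echo "bad port: $item" >&2; return 1; }
                 slots=$((slots + 1)) ;;
        esac
    done
    # at most 15 ports per rule; each range uses two of them
    [ "$slots" -le 15 ] || { echo "too many ports for one rule" >&2; return 1; }
    echo "ufw allow proto $proto from $src to any port $ports"
}
```

Review the printed line, then run it with sudo; `ufw status numbered` shows the resulting rule.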