iptables: -p all AND --dport xx (is it possible)

David Becker dbecker at online.nl
Wed Apr 27 19:58:35 UTC 2005


Alan :) wrote:
> The following rule can't be applied
> 
> iptables -A INPUT -p all --dport 80 -j DROP
> 
> the above fails stating that --dport is not recognized.
> 
> I'm trying to drop all traffic to port 80. If I provide a specific protocol it works. For example: iptables -A INPUT -p tcp --dport 80 -j DROP
> 
> any ideas?

Maybe because using port numbers doesn't make sense for icmp packets, 
which are included in the rule when using -p all?

Looks like you have to specify two rules, one for tcp and one for udp.

	David
> 
> -- Alan Angulo
> Systems Administrator
> Academic Computing
> East Stroudsburg University
> e-mail: alan at esu.edu
> Tel: (570) 422-3783
> 
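
The two-rule approach suggested in the reply, as an added example that is not part of the original thread: a shell function (the name `port_rules` is hypothetical) that prints one DROP rule per protocol and rejects `-p all`, since `--dport` is only available with a protocol that has ports.

```shell
#!/bin/sh
# Added example, not from the original thread.
# --dport is supplied by the tcp/udp protocol matches, so a port filter
# needs one rule per protocol instead of a single "-p all" rule.

# port_rules CHAIN PORT [PROTO...]   (hypothetical helper name)
# Prints the iptables commands; returns 1 and prints nothing on bad input.
# To apply them, review the output and then pipe it to sh as root.
port_rules() {
    [ $# -ge 2 ] || { echo "usage: port_rules CHAIN PORT [PROTO...]" >&2; return 1; }
    chain=$1
    port=$2
    shift 2
    # Default to the two protocols named in the reply.
    [ $# -gt 0 ] || set -- tcp udp

    # The port must be a decimal integer of at most five digits, 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Validate every protocol before emitting anything, so a bad
    # argument never produces a partial rule set.
    for proto in "$@"; do
        case $proto in
            tcp|udp) ;;
            *) echo "no --dport for protocol: $proto" >&2; return 1 ;;
        esac
    done

    for proto in "$@"; do
        printf 'iptables -A %s -p %s --dport %s -j DROP\n' \
            "$chain" "$proto" "$port"
    done
}
```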



