Bug 28816 - Missing -p tcp in iptables example
Summary: Missing -p tcp in iptables example
Status: RESOLVED FIXED
Alias: None
Product: [OLD] Docs-user
Classification: Unclassified
Component: Gentoo Security Guide
Hardware: All Linux
Importance: High normal
Assignee: Benny Chuang (RETIRED)
Reported: 2003-09-15 12:50 UTC by Sune Kloppenborg Jeppesen
Modified: 2003-09-18 01:07 UTC

Attachments
patch for 28816 & 28817 (gentoo-security.patch,1.35 KB, patch)
2003-09-15 17:18 UTC, Benny Chuang (RETIRED)
patch for Bug 28816, 28817 and 28841 (gentoo-security.patch,25.42 KB, patch)
2003-09-16 02:51 UTC, Benny Chuang (RETIRED)

Description Sune Kloppenborg Jeppesen 2003-09-15 12:50:44 UTC
$IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED --dport ssh -j ACCEPT
 
Results in: 
iptables v1.2.8: Unknown arg `--dport' 
Try `iptables -h' or 'iptables --help' for more information. 
 
The correct example is: 
$IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED -p tcp --dport ssh -j ACCEPT
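
A check for this class of mistake, as an added example that is not part of the original report or of the Gentoo Security Guide: it scans a firewall script for rules that use a port option without selecting a protocol. The names lint_ports and sample_rules are hypothetical, and the sample input is constructed from the rules quoted in this bug.

```shell
# Added example (not from the Gentoo guide): find port matches that lack -p.
# Constructed sample; the last two rules are the broken and fixed lines from
# the report, the first rule mirrors the wrapped rule shown in the patch.
sample_rules() {
cat <<'EOF'
#incoming ssh traffic
$IPTABLES -A allow-ssh-traffic-in -m limit --limit 1/second -p tcp --tcp-flags \
    ALL SYN --dport ssh -j ACCEPT
$IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED --dport ssh -j ACCEPT
$IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED -p tcp --dport ssh -j ACCEPT
EOF
}

# lint_ports (hypothetical helper): reads a firewall script on stdin, prints
# "LINE: rule" for each offending rule, and returns 1 if any were found.
lint_ports() {
    awk '
    {
        if (buf == "") start = NR          # first line of a logical rule
        line = $0
        sub(/[ \t]+$/, "", line)
        if (line ~ /\\$/) {                # backslash continuation: keep joining
            sub(/\\$/, "", line)
            buf = buf line " "
            next
        }
        check(buf line, start)
        buf = ""
    }
    END {
        if (buf != "") check(buf, start)   # file ended inside a continuation
        exit (bad ? 1 : 0)
    }
    function check(rule, n,    padded) {
        gsub(/[ \t]+/, " ", rule)
        gsub(/^ | $/, "", rule)
        if (rule ~ /^#/) return            # shell comment, not a rule
        padded = " " rule " "
        if (padded !~ / (\$IPTABLES|iptables) /) return
        # Port options exist only after -p/--protocol selects tcp, udp, etc.
        if (padded ~ / --(dport|sport|destination-port|source-port)s? / &&
            padded !~ / (-p|--protocol) /) {
            print n ": " rule
            bad = 1
        }
    }'
}
sample_rules | lint_ports || true          # prints the rule on sample line 4
```

Run it over a firewall init script before loading the rules; a non-zero exit status means at least one rule would be rejected by iptables with the "Unknown arg" error shown above.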
Comment 1 Sune Kloppenborg Jeppesen 2003-09-15 13:10:28 UTC
I only have access to an old Konqueror and Dillo browser and both seem unable to post the patch file, so I just copy-pasted it below:
 
 
 
--- gentoo-security-1.15.xml    2003-09-15 20:37:04.000000000 +0200 
+++ gentoo-security-iptables.xml        2003-09-15 19:29:55.000000000 +0200 
@@ -2583,7 +2583,7 @@ 
       ALL FIN --dport ssh -j ACCEPT 
   $IPTABLES -A allow-ssh-traffic-in -m limit --limit 1/second -p tcp --tcp-flags \ 
       ALL SYN --dport ssh -j ACCEPT 
-  $IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED 
--dport ssh -j ACCEPT 
+  $IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED -p 
tcp --dport ssh -j ACCEPT 
 
   #outgoing traffic 
   einfo "Creating outgoing ssh traffic chain" 
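
Review bot: the removed and added lines for the "-m state --state RELATED,ESTABLISHED" rule are each split in two in this pasted copy, so their second halves ("--dport ssh -j ACCEPT" and "tcp --dport ssh -j ACCEPT") no longer carry a valid diff prefix and the hunk will not apply against the "-2583,7 +2583,7" header as written. Attach the patch as a file instead, and consider wrapping the long rule in the guide with a trailing "\" as the two "-m limit" rules above it do, so it does not break the same way when rendered. The added "-p tcp" itself matches the fix given in the description, since "--dport" is only accepted once a protocol is selected.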
 
Comment 2 Benny Chuang (RETIRED) gentoo-dev 2003-09-15 17:18:37 UTC
Created attachment 17783
patch for 28816 & 28817
Comment 3 Benny Chuang (RETIRED) gentoo-dev 2003-09-15 17:20:32 UTC
Please review the patch
Comment 4 Benny Chuang (RETIRED) gentoo-dev 2003-09-16 02:51:54 UTC
Created attachment 17794
patch for Bug 28816, 28817 and 28841
Comment 5 Benny Chuang (RETIRED) gentoo-dev 2003-09-16 02:52:36 UTC
Please review the patch
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2003-09-18 01:02:56 UTC
Patch is fine. Reviewed.
Comment 7 Benny Chuang (RETIRED) gentoo-dev 2003-09-18 01:07:04 UTC
Committed! Thanks for your notification and patches :)