Hi!

I have a question about iptables:

If I want to block e.g. telnet for my two ippp-devices I do it this way (this works very well :)):

iptables -A INPUT -i ippp0 -p tcp --dport 23 -j DROP
iptables -A INPUT -i ippp1 -p tcp --dport 23 -j DROP

So my question: Is there a way that I don't need to write a rule for every single interface?

Something like "iptables -A INPUT -i ippp0,ippp1 -p tcp --dport 23 -j DROP" (I know this does not work)

At the moment I use 4 interfaces and I don't like to type all my rules 4 times and of course it's not nice to have such a big firewall-script...

Greetings
<da_bug@gmx.net>

On Sun, 30 Dec 2001, da_bug wrote:

> Hi!
> I have a question about iptables:
> If I want to block e.g. telnet for my two ippp-devices I do it this way (this works very well :)):
> iptables -A INPUT -i ippp0 -p tcp --dport 23 -j DROP
> iptables -A INPUT -i ippp1 -p tcp --dport 23 -j DROP
> So my question: Is there a way that I don't need to write a rule for every single interface?

Why don't you try:

iptables -A INPUT -p tcp --dport 23 -j DROP

AFAIK it's not necessary to specify an interface.

> Something like "iptables -A INPUT -i ippp0,ippp1 -p tcp --dport 23 -j DROP" (I know this does not work)
> Greetings <da_bug@gmx.net>

Gruß, Max

Hi again,

> So my question: Is there a way that I don't need to write a rule for every single interface?

To the best of my knowledge, there is no direct way to put up "equal" rules for different interfaces. However, I have written a script for tcsh that takes a list of interfaces and goes through it in a loop. I am sure it is possible to do it in bash too, however I haven't tried as my

--
Thiemo Kellner
Tösstalstrasse 146
CH-8400 Winterthur

da_bug <da_bug@gmx.net> writes:

> I have a question about iptables:
> If I want to block e.g. telnet for my two ippp-devices I do it this way (this works very well :)):
> iptables -A INPUT -i ippp0 -p tcp --dport 23 -j DROP
> iptables -A INPUT -i ippp1 -p tcp --dport 23 -j DROP
> So my question: Is there a way that I don't need to write a rule for every single interface?

You could write "iptables -A INPUT -i ippp+ -p tcp --dport 23 -j DROP". This would then apply to all "ippp" interfaces. Similarly, "eth+" applies the rule to all ethernet interfaces.
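
The two approaches raised in this thread, the per-interface loop and the trailing "+" wildcard, as an added sketch that is not code from any of the posters. It only prints rules (nothing calls iptables), and the interface list and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: two ways to avoid repeating a rule per interface.
# Dry run only: rules are printed for review, never loaded.

# Loop approach: emit the same rule once per listed interface.
# Usage: rules_for_ifaces "<rest of rule>" iface...
rules_for_ifaces() {
    rule=$1; shift
    for ifc in "$@"; do
        # Accept only plain interface names, so a stray word in the
        # list cannot smuggle extra options or commands into a rule.
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "skip: bad interface '$ifc'" >&2; continue ;;
        esac
        echo "iptables -A INPUT -i $ifc $rule"
    done
}

# Wildcard approach: mimic how "-i name+" is matched (any interface whose
# name begins with "name"), so a pattern can be checked before it is used.
# Returns 0 when interface $2 is matched by pattern $1.
iface_matches() {
    case $1 in
        *+) prefix=${1%+}
            case $2 in "$prefix"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Print the interfaces from the given list that a pattern covers.
covered_by() {
    pat=$1; shift
    out=
    for ifc in "$@"; do
        if iface_matches "$pat" "$ifc"; then out="$out $ifc"; fi
    done
    echo "${out# }"
}

# Constructed interface list for illustration.
IFACES="lo eth0 eth1 ippp0 ippp1"
rules_for_ifaces "-p tcp --dport 23 -j DROP" ippp0 ippp1
echo "ippp+ covers: $(covered_by 'ippp+' $IFACES)"
echo "eth+ covers: $(covered_by 'eth+' $IFACES)"
```

A rule with no -i option at all matches packets arriving on every interface, loopback included, so checking what a pattern covers is worth doing before choosing between the three forms.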

participants (4): da_bug, Graham Murray, Max Lindner, Thiemo Kellner