Re: review of hardening guide

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2005-04-02 at 21:50 -0800, tuxxer wrote:
> On Wed, 2005-03-30 at 22:17 -0800, Rahul Sundaram wrote:
> [BIIIIG Snip]
> 
> > 
> > http://members.cox.net/tuxxer/iptables-fw-config.html
> > 
> > it is possible to provide a port range here. More
> > information is available in the redhat docs.
> > redhat.com/docs. 
> 
> Where?  I've looked in the RH documentation, the Security guide etc.
> I've run a couple searches.  I've tried all of the "standard" range
> indicators (-:;,) ....
> 
> I'll continue to google it, to see if I find anything, but if you have a
> specific link, that would be great!

I've read the Python code to the extent I'm able, and it *doesn't*
appear to be possible. Colons are recognized as a token to separate
ports and protocols, but other than that, only the first series of
numerals up to any non-numeral will be used as a port designator. In
other words, if you enter something like 9990-9999:tcp, no error gets
thrown, but what iptables will get is "--port 9990:tcp".  Of course the
iptables command will take ranges, but not system-config-securitylevel.

Rahul, from what source are you deriving this?

-- 
Paul W. Frields, RHCE


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Red Hat 9]     [Yosemite News]     [KDE Users]

  Powered by Linux