Good afternoon, Jeffrin,

On Tue, 9 Dec 2003, Jeffrin wrote:

> hello all,
>
> iptables -A INPUT -sport 80 -j ACCEPT
>
> shows error ...
>
> msservices:~# iptables -A INPUT --sport 80 -j ACCEPT
> iptables v1.2.9: Unknown arg `--sport'
> Try `iptables -h' or 'iptables --help' for more information.
>
> please help me ...

You haven't specified which protocol. Unlike some firewall types that interpret your request as "please match tcp source port 80 or udp source port 80", iptables requires you to specify which protocol, and make two separate rules if you want to match tcp or udp. Since I assume you're looking to match _tcp_ port 80, try the following:

    iptables -A INPUT -p tcp --sport 80 -j ACCEPT

By the way, this will allow someone to portscan your systems as long as they're using a source port of 80. I'd suggest you look into using the "state" module to remember outgoing connections, and then allow incoming tcp source port 80 traffic _if_ it's part of an established connection.

Cheers,
- Bill

---------------------------------------------------------------------------
Having Microsoft give us advice on open standards is like W.C. Fields giving moral advice to the Mormon Tabernacle Choir
-- Scott McNealy, Sun Microsystems Inc.
(Courtesy of Michael Remski <mremski@xxxxxxxxxxxxx>)
--------------------------------------------------------------------------
William Stearns (wstearns@xxxxxxxxx). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
--------------------------------------------------------------------------
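An added example, not part of the original message: a small audit that reads rules in iptables-save format and reports ACCEPT rules that match on a source port without any connection-state match, which is the weakness described in the reply above. The function names and the sample rule set are constructed for illustration; the sample places the stateless rule next to a version restricted with the "state" module.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
# Rule 1 is the stateless rule from the reply; rule 2 is the same match
# limited to established connections via the "state" module.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Hypothetical helper: read iptables-save output on stdin and print every
# ACCEPT rule that matches a source port but carries no state match.
# Such a rule accepts any packet that merely claims that source port.
find_stateless_sport_accepts() {
    awk '
        /^-A / {
            sport = 0; accept = 0; stateful = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "--sport" || $i == "--source-port" || $i == "--sports")
                    sport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT")
                    accept = 1
                if ($i == "--state" || $i == "--ctstate")
                    stateful = 1
            }
            if (sport && accept && !stateful)
                print
        }'
}

# Stand-alone run over the constructed sample.
sample_rules | find_stateless_sport_accepts
```

On a live host the same function can be fed from `iptables-save` instead of the sample.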