Wichita's largest indoor sports and adventure facility. Trampolines, basketball, volleyball, parties and events all under one roof.
First give a -p option like -p tcp or -p udp. Examples: iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT You could also try -p all but I've never done that and don't find too much support for it in the examples.
Also mind the spaces between parenthesis): ss --kill -tn 'dst == 192.0.2.2 and ( sport == 80 or sport == 443 )' (or just the destination, it's about an attacker anyway). Unlike tcpkill this doesn't involve sending custom packets anywhere, it's directly done to the socket using a kernel API.
-A OUTPUT -p tcp -m tcp --sport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT Because your OUTPUT rules block output packets to non-allowed ports, it's allow only access to port 8080.
with "u32 match ip sport 80" in Linux tc I can match port 80, but how can I match a port range 10000 - 20000 ?
let's look at these two iptables rules which are often used to allow outgoing DNS: iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A
Keral I feel same as you I would pee in a field, naked, in front of everyone rather than a public bathroom. No one mentioned possible backsplash effect, where you have the microscopic "dirtiness" of other people that was left on the porcelain inside of a toilet, splashing back at your private area while doing either #1 or #2.