Netgate Discussion Forum

[ Solved ] When adding firewall rules, option to add groups of ports

8 Posts 4 Posters 2.2k Views
  • G
    geudrik
    last edited by Jul 6, 2014, 2:42 PM Jul 6, 2014, 2:34 PM

    For example, in iptables you can do the following

    
    # Allow HTTP, HTTPS, and 8080 TCP streams
    iptables -A INPUT -p tcp -i eth0 -m multiport --dports 80,443,8080 -j ACCEPT
    
    

    Implementation Ideas:

    • Create separate rules for each port with same other settings (might go well with the "grouping/separation" bounty posted a while back)

    • Add in an alias feature to do this - groups of ports can be assigned an alias. Overlap will be ignored at time of rule creation (e.g. ports can be added to more than one alias)

    Not knowing how pf works on the backend, I'm not entirely sure this is doable, but I figured I'd throw a bounty up nonetheless.

    Note: This is distinctly different than the port range option that already exists.

    Pat

    • B
      BBcan177 Moderator
      last edited by Jul 6, 2014, 2:40 PM

      Hello geudrik,

      You can do this with Firewall:Aliases,

      Define an "Alias" that has the ports you need and reference that "Alias" in your Rules.

      Karma is accepted in lieu !!  ;) ;) ;)

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • G
        geudrik
        last edited by Jul 6, 2014, 2:41 PM

        .. how .. how have I missed this ?  :o

        Cheers! :)

        • B
          BBcan177 Moderator
          last edited by Jul 6, 2014, 2:42 PM

          @geudrik:

          .. how .. how have I missed this ?  :o

          Cheers! :)

          Did you read my tagline?  ;)


          • G
            geudrik
            last edited by Jul 6, 2014, 2:45 PM

            @BBcan177:

            @geudrik:

            .. how .. how have I missed this ?  :o

            Cheers! :)

            Did you read my tagline?  ;)

            Lol yes, I did. Thanks for pointing out the obvious to me… I never noticed the "Ports" tab in all my time defining aliases :P

            • R
              rancid-lemon
              last edited by Sep 16, 2014, 9:20 PM

              I get the whole alias aspect (I think!). Is there a way to set the protocol for each port when you define the alias?

              For my use I would like to use the alias to assist with port forwarding, but I would like them grouped by application in the NAT section. That way I can open and close ports when needed for specific applications.

              I use apps that need a variety of TCP and UDP ports forwarded and it makes sense to my mind to have these set together.

              Does anyone have any method of doing this, or even reasoning as to why it is the way it is?

              Cheers,

              rancid

              • R
                rancid-lemon
                last edited by Sep 16, 2014, 10:53 PM

                Further to my above post, I believe that in 2.x you can create an alias inside another alias, this is almost what I am after. But I still don't think you can then specify different protocols to each 'sub alias' on the NAT/Port forward page - if you get me. Am I making sense?!

                Cheers,

                rancid

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Sep 23, 2014, 4:46 PM

                  Ports do not have any protocol association. That's only on the rules.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!
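
An added illustration of the two answers in this thread (a port alias referenced from rules, and the protocol being set on the rule rather than on the port list), written by hand in FreeBSD pf.conf syntax. It is not from any poster and is not pfSense's generated ruleset; the interface name, host address, macro names and port numbers are constructed placeholders.

```pf
# Constructed example: all names, addresses and ports below are placeholders.

# --- Macros (the pf.conf counterpart of a ports alias) ---------------------
ext_if    = "em0"               # assumed WAN interface name
app_host  = "192.168.1.50"      # assumed internal host running the application

# A port list is only a set of numbers; it says nothing about TCP or UDP.
web_ports = "{ 80, 443, 8080 }"

# One application that needs different ports per protocol: keep two lists,
# named together so they can be opened and closed as a pair.
app_tcp   = "{ 5060, 5061 }"
app_udp   = "{ 5060, 10000:10100 }"

# --- Translation (port forwards) -------------------------------------------
# The protocol is chosen here, on each rule, not in the macro.
# With no port after "->", the original destination port is kept.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $app_tcp -> $app_host
rdr on $ext_if inet proto udp from any to ($ext_if) port $app_udp -> $app_host

# --- Filtering --------------------------------------------------------------
block in on $ext_if all

# Equivalent of the iptables multiport rule from the first post.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $web_ports

# Filter rules see the translated destination, so match the internal host.
pass in on $ext_if inet proto tcp from any to $app_host port $app_tcp
pass in on $ext_if inet proto udp from any to $app_host port $app_udp

# The same list can be reused under both protocols when that is really
# what the service needs; this opens every listed port for TCP and UDP.
# pass in on $ext_if inet proto { tcp, udp } from any to $app_host port $app_tcp
```

Reusing one list under `proto { tcp, udp }` exposes each port on both protocols, so separate per-protocol lists keep the forwarded surface limited to what the application actually listens on.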

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.