Block a range of ports

HI,
I want to block a range of ports (6000-8000) are not to be used by
any applications(tcp/udp). My system has an tcp offload engine that may
use these reserved ports.
How do i do that??. Any suggestions??. I am using linux kernel 2.6.9.
Thx

remo wrote:
> HI,
> I want to block a range of ports (6000-8000) are not to be used by
> any applications(tcp/udp). My system has an tcp offload engine that may
> use these reserved ports.
> How do i do that??. Any suggestions??. I am using linux kernel 2.6.9.
> Thx
>

iptables -A INPUT -i <external device> --dport 6000:8000 -j DROP

Eric

Eric Teuber <(E-Mail Removed)> wrote in news:dcb9f5$891$(E-Mail Removed):

> remo wrote:
>> HI,
>> I want to block a range of ports (6000-8000) are not to be used by
>> any applications(tcp/udp). My system has an tcp offload engine that
>> may use these reserved ports.
>> How do i do that??. Any suggestions??. I am using linux kernel 2.6.9.
>> Thx
>>
>
> iptables -A INPUT -i <external device> --dport 6000:8000 -j DROP
>
> Eric
>

I understood him to mean that he didn't want to block the ports
connectivity. Rather he wants to reserve the ports for a special
purpose.

Klazmon.

Yes for klazmon. Basically, i have a TCP/IP stack with my ethernet
processor like a TOE and i have a host processor that interacts with
ethernet chip through HI and it can send and receive the packets
using the same MAC and IP. So i will have a tunneling at my ethernet
TCP/IP stack in netfilter/iptables modules that would route the packet
to the host if the packets are not for TOE. The host also runs on
linux. So i want a way that if the host processor tries to use these
reserved ports, linux os needs to return an error.
Thanks

remo wrote:
> Yes for klazmon. Basically, i have a TCP/IP stack with my ethernet
> processor like a TOE and i have a host processor that interacts with
> ethernet chip through HI and it can send and receive the packets
> using the same MAC and IP. So i will have a tunneling at my ethernet
> TCP/IP stack in netfilter/iptables modules that would route the packet
> to the host if the packets are not for TOE.

? TOE, HI ??? (please explain).

> The host also runs on
> linux. So i want a way that if the host processor tries to use these
> reserved ports, linux os needs to return an error.
> Thanks
>

?

iptables offers a lot of features, such as MAC address matching and is
also able to reject/accept traffic of certain ports for specific
destinations.

Eric Teuber <(E-Mail Removed)> wrote in news:dchm97$lbu$(E-Mail Removed):

> remo wrote:
>> Yes for klazmon. Basically, i have a TCP/IP stack with my ethernet
>> processor like a TOE and i have a host processor that interacts with
>> ethernet chip through HI and it can send and receive the packets
>> using the same MAC and IP. So i will have a tunneling at my ethernet
>> TCP/IP stack in netfilter/iptables modules that would route the
>> packet to the host if the packets are not for TOE.
>
> ? TOE, HI ??? (please explain).
>
>> The host also runs on
>> linux. So i want a way that if the host processor tries to use these
>> reserved ports, linux os needs to return an error.
>> Thanks
>>
>
> ?
>
> iptables offers a lot of features, such as MAC address matching and is
> also able to reject/accept traffic of certain ports for specific
> destinations.

In this case he may not be able to distinquish by destination. I believe
he wants the source ports assigned by the kernel to be restricted based
on the application. I have no idea if it is possible to do this. Maybe
modify the kernel himself.

Klazmon.