I want to open up about 100 ports in a range.
Short of adding 100 files to incoming.d, is there a way to set a range of ports there, or should I instead invent a service name and open that service? In that case, how would I define a range of ports for that service?
There's a couple of options:
- Create a new firewall ‘rule’ in /usr/share/sympl/firewall/rule.d, see ftp.incoming in that directory for a multiport example. You can then touch 98-name in /etc/sympl/firewall/incoming.d.
- Create a custom script in /etc/sympl/firewall/local.d/ to do the work for you, and that will get run after the firewall runs, so you can use it to insert custom rules into iptables - you’ll need to use something like this:
#!/bin/bash
# Accept TCP connections to ports 40000-40099, inserted as rule 10 of the INPUT chain
iptables -I INPUT 10 -p tcp -m multiport --dports 40000:40099 -j ACCEPT && exit 0
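
A fuller take on the second option, as an added example that is not part of the original answer and not Sympl's own code: it validates the range, uses `iptables -C` so repeated firewall runs do not stack duplicate rules, and only prints the commands until `DRY_RUN` is set to 0. The range and rule position come from the answer; `DRY_RUN`, the function names and the `ip6tables` call are assumptions.

```shell
#!/bin/bash
# Added example, not Sympl's own code. FIRST, LAST and POSITION are the values
# from the thread; DRY_RUN and the function names are hypothetical.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = change the firewall
FIRST=40000
LAST=40099
POSITION=10               # INPUT must already hold at least 9 rules for this

# Succeed only for whole numbers with 1 <= first <= last <= 65535.
valid_range() {
    case "$1$2" in *[!0-9]*) return 1 ;; esac
    [ -n "$1" ] && [ -n "$2" ] || return 1
    [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Print the rule body for one TCP port range.
rule_spec() {
    echo "-p tcp -m multiport --dports $1:$2 -j ACCEPT"
}

# Insert the rule with the given tool unless an identical rule already exists.
open_range() {
    local tool="$1" spec
    valid_range "$2" "$3" || { echo "bad port range: $2:$3" >&2; return 1; }
    spec="$(rule_spec "$2" "$3")"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$tool -C INPUT $spec || $tool -I INPUT $POSITION $spec"
        return 0
    fi
    # -C exits 0 if the rule is present, so repeated runs never stack duplicates.
    # $spec is unquoted on purpose: it must split into separate arguments.
    "$tool" -C INPUT $spec 2>/dev/null || "$tool" -I INPUT "$POSITION" $spec
}

main() {
    open_range iptables "$FIRST" "$LAST" &&
    open_range ip6tables "$FIRST" "$LAST"   # assumption: IPv6 wanted too
}
main
```

After applying it, `iptables -S INPUT` shows whether the rule landed where expected.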