
Port Numbers

Port numbers may be specified in a number of ways: any ports, static port definitions, ranges, and negation. Any ports are a wildcard value, meaning literally any port. Static ports are indicated by a single port number, such as 111 for portmapper, 23 for telnet, or 80 for HTTP. Port ranges are indicated with the range operator :. The range operator may be applied in a number of ways to take on different meanings, as shown in Figure 3.4.

Figure 3.4: Port Range Examples
\begin{figure}\begin{verbatim}log udp any any -> 192.168.1.0/24 1:1024\end{verbatim}
... or equal to 1024 going to ports greater than or equal to 500
\par\end{figure}

Port negation is indicated by using the negation operator !. The negation operator may be applied against any of the other rule types (except any, which would translate to none, how Zen...). For example, if for some twisted reason you wanted to log everything except the X Windows ports, you could do something like the rule in Figure 3.5.

Figure 3.5: Example of Port Negation
\begin{figure}\begin{verbatim}log tcp any any -> 192.168.1.0/24 !6000:6010\end{verbatim}
\par\end{figure}
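To make the port syntax of this section and the previous one concrete, here is a small parser and matcher for the rule-header port field. It is an added example, not Snort's own code: it assumes the bounds 0 and 65535 for open-ended ranges, rejects !any (which, as noted above, would match nothing), treats a rule header as seven whitespace-separated fields, and only evaluates the two port fields (the direction operator is the subject of the next section and is not interpreted here).

```python
import re
from dataclasses import dataclass

# Hypothetical parser for the Snort rule-header port syntax described above.
# Supported forms: any, N, N:M, :M, N:, and a leading ! for negation.
# Assumption: open-ended ranges run from 0 or up to 65535.

@dataclass(frozen=True)
class PortSpec:
    low: int        # inclusive lower bound (0 when the range is open at the bottom)
    high: int       # inclusive upper bound (65535 when the range is open at the top)
    negated: bool   # True when the specification was written with a leading !

    def matches(self, port: int) -> bool:
        in_range = self.low <= port <= self.high
        return not in_range if self.negated else in_range


_PORT_RE = re.compile(r'^(\d*)(:?)(\d*)$')


def parse_port_spec(spec: str) -> PortSpec:
    """Parse one port field of a rule header into a PortSpec."""
    spec = spec.strip()
    negated = spec.startswith('!')
    if negated:
        spec = spec[1:]
    if spec == 'any':
        if negated:
            raise ValueError('!any would match no port at all')
        return PortSpec(0, 65535, False)
    m = _PORT_RE.match(spec)
    if not m or (not m.group(1) and not m.group(3)):
        raise ValueError(f'bad port specification: {spec!r}')
    lo_s, colon, hi_s = m.groups()
    if not colon:
        lo = hi = int(lo_s)                     # static port: a single number
    else:
        lo = int(lo_s) if lo_s else 0           # ":M" means 0..M
        hi = int(hi_s) if hi_s else 65535       # "N:" means N..65535
    for p in (lo, hi):
        if not 0 <= p <= 65535:
            raise ValueError(f'port {p} out of range')
    if lo > hi:
        raise ValueError(f'inverted range {lo}:{hi}')
    return PortSpec(lo, hi, negated)


def is_valid_spec(spec: str) -> bool:
    """True when the port specification parses, False otherwise."""
    try:
        parse_port_spec(spec)
        return True
    except ValueError:
        return False


def parse_header(header: str) -> dict:
    """Split a rule header into its seven fields; addresses are kept as raw strings."""
    fields = header.split()
    if len(fields) != 7 or fields[4] not in ('->', '<>'):
        raise ValueError(f'malformed rule header: {header!r}')
    action, proto, src, sport, direction, dst, dport = fields
    return {
        'action': action, 'proto': proto,
        'src': src, 'sport': parse_port_spec(sport),
        'direction': direction,
        'dst': dst, 'dport': parse_port_spec(dport),
    }


def ports_match(header: str, sport: int, dport: int) -> bool:
    """True when both port fields of the header accept the given source/destination ports."""
    h = parse_header(header)
    return h['sport'].matches(sport) and h['dport'].matches(dport)


if __name__ == '__main__':
    # Constructed sample headers taken from the figures above, with constructed port pairs.
    checks = [
        ('log udp any any -> 192.168.1.0/24 1:1024', 53, 53),
        ('log udp any any -> 192.168.1.0/24 1:1024', 53, 5353),
        ('log tcp any any -> 192.168.1.0/24 !6000:6010', 40000, 6005),
        ('log tcp any any -> 192.168.1.0/24 !6000:6010', 40000, 80),
    ]
    for header, sp, dp in checks:
        print(f'{header:50} sport={sp:<6} dport={dp:<6} -> {ports_match(header, sp, dp)}')
```

The negation check in PortSpec.matches is where the "!6000:6010" rule of Figure 3.5 gets its meaning: the range is computed as usual and the result is inverted, so every destination port outside 6000 through 6010 is logged.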

Eugene Misnik 2013-05-08