Why not use:
iptables -I INPUT 1 -p tcp --syn -i "$1" --dport 10000:11000 -j ACCEPT
instead of:
for P in 10000:11000; do
    iptables -I INPUT 1 -p tcp --syn -i "$1" --dport $P -j ACCEPT
done
Finally, are you sure that rtorrent needs that many ports to be opened? I guess the default value is something like 4-10 ports.
Actually I suggest the following rework of the minimalistic post-firewall file:
#! /bin/sh
## FIREWALL
## set default policy
iptables -P INPUT DROP
# remove last default rule
iptables -D INPUT -j DROP
## Allow access to various router services from WAN
## open 10000-11000 for rtorrent
iptables -A INPUT -p tcp --syn -i "$1" --dport 10000:11000 -j ACCEPT
This allows painless addition of new rules at the end of the INPUT chain, which is generally a more correct way compared with inserting them at the beginning.
However, strictly speaking, this method implies a requirement to set: Internet Firewall - Basic Config - Logged packets type: NONE
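
Added example, not part of the original post: a shell check for the condition the reworked script depends on, namely that the INPUT chain ends in a plain `-j DROP` which `iptables -D INPUT -j DROP` can remove before rules are appended. The rule dumps are constructed in `iptables -S INPUT` format, and the `logdrop` chain name (standing in for whatever a logging configuration leaves as the last rule) is an assumption.

```shell
#!/bin/sh
# Added example. All rule dumps below are constructed, in `iptables -S INPUT` format.

# Chain that ends in a plain catch-all DROP.
SAMPLE_PLAIN='-P INPUT ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP'

# Chain that ends in a jump to a logging chain ("logdrop" is an assumed name).
SAMPLE_LOGGED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j logdrop'

# Chain with no catch-all rule at the end (the policy decides).
SAMPLE_OPEN='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT'

# Print the target of the last INPUT rule if that rule has no match
# options (so it catches every packet); print nothing otherwise.
last_catchall() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" { n = NF; flag = $3; target = $4 }
        END { if (n == 4 && flag == "-j") print target }'
}

# Classify a chain dump:
#   delete-drop-then-append  `iptables -D INPUT -j DROP` will match
#   append                   nothing shadows rules added with -A
#   shadowed-by-<target>     -D ... -j DROP will not match, and rules
#                            added with -A land after the catch-all
plan() {
    t=$(last_catchall "$1")
    case "$t" in
        DROP) echo "delete-drop-then-append" ;;
        "")   echo "append" ;;
        *)    echo "shadowed-by-$t" ;;
    esac
}

for s in "$SAMPLE_PLAIN" "$SAMPLE_LOGGED" "$SAMPLE_OPEN"; do
    plan "$s"
done
```

On a live router the input would be `plan "$(iptables -S INPUT)"`, which assumes an iptables build that supports `-S`.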