Wichita's largest indoor sports and adventure facility. Trampolines, basketball, volleyball, parties and events all under one roof.
First give a -p option like -p tcp or -p udp. Examples: iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT You could also try -p all but I've never done that and don't find too much support for it in the examples.
with "u32 match ip sport 80" in Linux tc I can match port 80, but how can I match a port range 10000 - 20000 ?
I think this would be solved if you added a -m state --state RELATED,ESTABLISHED -j ACCEPT rule to all the chains. It looks like you may be allowing DNS traffic in one direction only. Alternately, try rules with --sport 53 too.
let's look at these two iptables rules which are often used to allow outgoing DNS: iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A
You should change in your rules from -A OUTPUT -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT to -A OUTPUT -p tcp -m tcp --sport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT Because your OUTPUT rules block output packets to non-allowed ports, it's allow only access to port 8080. Change --dport to --sport fix this issue.