Network address

13 May 2023, by Goodman. Last update at 29 July 2024

Dedicated addresses

127.0.0.0/8 - loopback address range
10.0.0.0/8 - class A addresses
172.16.0.0/16 - class B addresses
192.168.0.0/16 - class C addresses
224.0.0.0/4 -class D addresses for multicast
240.0.0.0/5 - reserved class E addresses
0.0.0.0 - source broadcast address
255.255.255.255 - destination broadcast address
0:1023 - privileged port numbers
1024:65535 - non-privileged port numbers

Services port list

Open Windows (TCP порт 2000)
X Windows (tcp порт 6000:6063)
Socks (TCP порт 1080)
NFS (UDP/TCP порт 2049)
DNS (UDP/TCP порт 53)
AUTH (TCP порт 113) (inetd)
IMAP (TCP порт 143)
POP3 (TCP порт 110)
SMTP (TCP порт 25)
NNTP (TCP порт 119)(сервер новостей)
Telnet (TCP порт 23)
SSH (TCP порт 22) (513-1023)
FTP (TCP порт 20,21) нормальный
FTP (TCP порт 1024:65535) пасивный
finger (TCP порт 79)
whois (TCP порт 43)
tracerout (UDP порт 33434 (icmp 11 3))
tracerout_src_port="32769:65535"
tracerout_dest_port="33434:33523"
DHCP (UDP порт 67) сервер
DHCP (UDP порт 68) клиент
NTP (UDP порт 123) служба времени

Iptables rule example

#!/bin/sh
IPT="/sbin/iptables"

$IPT -F
$IPT -X

$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

TCP_PORTS="20,21,1024:65535"
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT


$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
#$IPT -A INPUT -p tcp -m multiport --dport $TCP_PORTS -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.0.0/24 -m multiport --dport $TCP_PORTS -j ACCEPT
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -p udp -s 192.168.0.0/24 -m multiport --dport $TCP_PORTS -j ACCEPT
#$IPT -A FORWARD -i eth1 -o eth0 -s 192.168.15.0/24 -m conntrack --ctstate NEW -j ACCEPT
#$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#$IPT -A POSTROUTING -t nat -j MASQUERADE