diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2022-07-13 08:05:01 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-07-14 01:36:05 +0200 |
| commit | 220759efb89ab7f272386db89c9dbbb46e851a4f (patch) | |
| tree | 3baadffcf2d08ce27114ffddc65963ebc0f7e82b /passt.1 | |
| parent | 4de37151c9e5f4d65d8563336159084d393d1bd4 (diff) | |
| download | passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar.gz passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar.bz2 passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar.lz passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar.xz passt-220759efb89ab7f272386db89c9dbbb46e851a4f.tar.zst passt-220759efb89ab7f272386db89c9dbbb46e851a4f.zip | |
conf: Allow to specify ranges and ports excluded from given ranges
This is useful in environments where we want to forward a large
number of ports, or all non-ephemeral ones, and some other service
running on the host needs a few selected ports.
I'm using ~ as prefix for the specification of excluded ranges and
ports to avoid the need for explicit command line quoting.
Ranges and ports can be excluded from given ranges by adding them
in the comma-separated list, prefixed by ~. Some quick examples:
-t 5000-6000,~5555: forward ports 5000 to 6000, but not 5555
-t ~20000-20010: forward all non-ephemeral, allowed ports, except
for ports 20000 to 20010
...more details in usage message and man page.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'passt.1')
| -rw-r--r-- | passt.1 | 28 |
1 files changed, 26 insertions, 2 deletions
@@ -306,7 +306,10 @@ For low (< 1024) ports, see \fBNOTES\fR. .BR ports A comma-separated list of ports, optionally ranged with \fI-\fR, and, optionally, with target ports after \fI:\fR, if they differ. Specific addresses -can be bound as well, separated by \fI/\fR. Examples: +can be bound as well, separated by \fI/\fR. Within given ranges, selected ports +and ranges can be excluded by an additional specification prefixed by \fI~\fR. +Specifying excluded ranges only implies that all other ports are forwarded. +Examples: .RS .TP -t 22 @@ -326,6 +329,15 @@ Forward local ports 22 to 80 to corresponding ports on the guest plus 10 .TP -t 192.0.2.1/22 Forward local port 22, bound to 192.0.2.1, to port 22 on the guest +.TP +-t 2000-5000,~3000-3010 +Forward local ports 2000 to 5000, but not 3000 to 3010 +.TP +-t 192.0.2.1/20-30,~25 +Forward local ports 20 to 24, and 26 to 30, bound to 192.0.2.1 +.TP +-t ~20000-20010 +Forward all ports to the guest, except for the range from 20000 to 20010 .RE Default is \fBnone\fR. @@ -368,7 +380,10 @@ periodically derived (every second) from listening sockets reported by .BR ports A comma-separated list of ports, optionally ranged with \fI-\fR, and, optionally, with target ports after \fI:\fR, if they differ. Specific addresses -can be bound as well, separated by \fI/\fR. Examples: +can be bound as well, separated by \fI/\fR. Within given ranges, selected ports +and ranges can be excluded by an additional specification prefixed by \fI~\fR. +Specifying excluded ranges only implies that all other ports are forwarded. +Examples: .RS .TP -t 22 @@ -389,6 +404,15 @@ namespace .TP -t 192.0.2.1/22 Forward local port 22, bound to 192.0.2.1, to port 22 in the target namespace +.TP +-t 2000-5000,~3000-3010 +Forward local ports 2000 to 5000, but not 3000 to 3010 +.TP +-t 192.0.2.1/20-30,~25 +Forward local ports 20 to 24, and 26 to 30, bound to 192.0.2.1 +.TP +-t ~20000-20010 +Forward all ports to the namespace, except for the range from 20000 to 20010 .RE IPv6 bound ports are also forwarded for IPv4. |