According to the iptables-extensions man page, a port range can only be specified with the --dport switch.
tcp
These extensions can be used if `--protocol tcp' is specified. It provides the following options:
[!] --destination-port,--dport port[:port]
Destination port or port range specification. The flag --dport is a convenient alias for this option.
So this also specifies a port range:
iptables -A INPUT -p tcp --dport 1000:2000 -j ACCEPT
I've had to clone several cloud based servers, here's my approach:
Stop any running services that you can. If that's not an option, you'll need to do db dumps and backups separately (i.e. anything that uses mysql, redis, solr, etc.)
Create a directory in the root, i.e. /x
Mount /dev/sda1 (or xvda1 or whatever your root system partition is) on /x (as you can have one device mounted to two different points at the same time.) The value here is that you won't get errors for the devices in /proc, etc. If you're using LVM, a snapshot works great for this too.
At this point, you have a few options. If your server has enough disk space, simply make a directory /y and do
tar -zcv --exclude='/x/x/*' --exclude='/x/y/*' -f /y/root.tar.gz /x/
If you don't, then you can shoot it to another node via ssh:
tar -zcvf - /x/ |ssh -i /blah.pem user@someplace.net 'cat - > /tmp/root.tar.gz'
Either route you go, you can then download the tarball.
Last and probably easiest, but not ideal in my mind, is to simply rsync the /x/ directory to your local machine.
Whatever route you go, if you have large databases or cruft you don't need, you save time by excluding them from the tar process (simply copying a running db can cause the db copy to be corrupted.)
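
The tar step from the answer above as a reusable function, added here as an example that is not part of the original answer: it archives the second mount of the root filesystem with exclude globs given relative to the source, and writes the tarball readable by its owner only, since it contains every file on the root filesystem. The names archive_tree and list_archive and the argument layout are assumptions made for this example, and GNU tar is assumed.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and the
# argument layout are assumptions; GNU tar is assumed.

# archive_tree SRC OUT [EXCLUDE_GLOB...]
#   SRC  directory to archive (the /x mount point in the answer)
#   OUT  tarball to write (for example /y/root.tar.gz)
#   Each EXCLUDE_GLOB is relative to SRC, e.g. 'y/*' or 'var/lib/mysql/*'.
archive_tree() {
    src=$1; out=$2; shift 2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }

    # The tarball holds the whole root filesystem (password hashes, keys),
    # so create it with owner-only permissions.
    old_umask=$(umask); umask 077

    # Turn each glob into an --exclude option by rewriting the positional
    # parameters; this keeps globs that contain spaces intact.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" "--exclude=./$1"; shift; n=$((n - 1))
    done

    # -C makes member names relative to SRC ("./etc/..."), so the exclude
    # patterns start at "./" and the archive unpacks under any directory.
    tar -C "$src" "$@" -zcf "$out" .
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# list_archive OUT: print member names, to check what was captured
# before the tarball is downloaded or restored.
list_archive() { tar -tzf "$1"; }
```

With the layout from the answer, the call would be archive_tree /x /y/root.tar.gz 'y/*' plus one glob per database directory that is dumped separately.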