[NCLUG] UDP and iptables

William Dan Terry william.terry at knotworks.com
Fri Sep 5 09:17:07 MDT 2003


I've got KRUD 9 with iptables as follows:

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
#-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.1.3 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.8.2 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

When testing from http://scan.sygatetech.com/ (easy scan from outside my
network) TCP is protected the way I want. However, UDP gets the
following type notes:

FTP
21
CLOSED
This port has responded to our probes. This means that you are not
running any application on this port, but it is still possible for
someone to crash your computer through known TCP/IP stack
vulnerabilities.

It looks like UDP is as closed as iptables offers but I'm still learning
iptables. Am I right? Or is there something else I can do?

Peace, William

___________W__i__l__l__i__a__m_____D__a__n_____T__e__r__r__y___________
How do we acquire wisdom along with all these shiny things? -David Brin

    PGP public key:     http://www.knotworks.com/wdt_pgp_pubkey.asc
    fingerprint: BE50 6158 80F3 78FF 16B1  C85F 7CCB 3FEB 5485 56E5
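An added example, not part of William's post: a small Python evaluator for the iptables-save ruleset above. It walks the chain the way netfilter would and reports the terminating verdict, which shows why the outside scanner sees UDP port 21 as "closed" (the final `-j REJECT` answers every unsolicited UDP packet with an ICMP port-unreachable by default) and what the same probe would see if that one rule said DROP instead. The scanner and host addresses are constructed, and `-s`/`-d` handling assumes single addresses or `0/0`, which is all this ruleset uses.

```python
import shlex
# Constructed input: the lokkit ruleset from the post, with the mail-wrapped lines rejoined.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.1.3 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.8.2 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
"""
# The same ruleset with only the catch-all UDP verdict changed from REJECT to DROP.
STEALTH = RULESET.replace("-p udp -m udp -j REJECT", "-p udp -m udp -j DROP")
# What an outside prober sees: REJECT answers (ICMP port-unreachable by default), DROP stays silent.
OBSERVED = {"ACCEPT": "open", "REJECT": "closed", "DROP": "filtered"}

def parse(text):  # iptables-save text -> ({chain: policy}, {chain: [option dict per rule]})
    policy, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, pol = line[1:].split()[:2]
            policy[name], rules[name] = pol, []
        elif line.startswith("-A "):
            toks, opts, i = shlex.split(line)[2:], {}, 0
            while i < len(toks):  # a flag with no value (e.g. --syn) maps to True
                val = toks[i + 1] if i + 1 < len(toks) and not toks[i + 1].startswith("-") else True
                opts[toks[i]], i = val, i + (1 if val is True else 2)
            rules[line.split()[1]].append(opts)
    return policy, rules

def matches(o, p):  # simplification: -s/-d are single addresses or the any-address 0/0
    ok = {"-i": o.get("-i") == p["iface"], "-p": o.get("-p") == p["proto"],
          "-s": o.get("-s") in ("0/0", p["src"]), "-d": o.get("-d") in ("0/0", p["dst"]),
          "--sport": o.get("--sport") == str(p["sport"]), "--dport": o.get("--dport") == str(p["dport"]),
          "--syn": p.get("syn", False)}
    return all(ok[k] for k in ok if k in o)  # -m and -j are not packet matches

def verdict(text, pkt, chain="INPUT"):  # walk the chain as netfilter does: first terminating target wins
    policy, rules = parse(text)
    for o in rules[chain]:
        if matches(o, pkt):
            v = verdict(text, pkt, o["-j"]) if o["-j"] in rules else o["-j"]  # -j <user chain> is a jump
            if v != "RETURN": return v
    return policy[chain] if policy[chain] != "-" else "RETURN"  # end of a user chain returns to caller

# Constructed probes: an outside UDP scan of port 21 and a legitimate DNS reply from a listed server.
UDP_PROBE = dict(iface="eth0", proto="udp", src="198.51.100.7", dst="203.0.113.5", sport=40000, dport=21)
DNS_REPLY = dict(iface="eth0", proto="udp", src="166.93.1.3", dst="203.0.113.5", sport=53, dport=33000)
```

`OBSERVED[verdict(RULESET, UDP_PROBE)]` gives "closed" and `OBSERVED[verdict(STEALTH, UDP_PROBE)]` gives "filtered", while the DNS reply is accepted under both rulesets.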
