
Problems filtering UDP with Netfilter



I'm attempting to filter all UDP datagrams under the 1023 port range.
When I use the script below I cannot ping my ISP's web site or even surf
the net. Do I have a malformed chain, or am I missing an essential
service?

#!/bin/sh
PATH=/sbin
DSLIFACE="eth0"
ANYADDR="0/0"
UDP="domain,www,pop3"

#Clear the table, prep for a new ruleset.

iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# UDP --incoming and outgoing rules

# reject all well known UDP ports and services in both directions

iptables -A INPUT --protocol udp -i $DSLIFACE -d $ANYADDR \
    --destination-port :1023 -j REJECT
iptables -A OUTPUT --protocol udp -o $DSLIFACE -s $ANYADDR \
    --source-port :1023 -j REJECT

# Allow UDP datagrams in and out on the allowed ports

iptables -A INPUT --match multiport --protocol udp -i $DSLIFACE \
    -d $ANYADDR --destination-port $UDP -j ACCEPT
iptables -A OUTPUT --match multiport --protocol udp -o $DSLIFACE \
    -s $ANYADDR --source-port $UDP -j ACCEPT

I've been searching all over the web for information on Netfilter and
how I could accomplish my goals with it. So far I've come up with more
troubleshooting than anything else. I'm hoping that one of you experts
might have some advice for an apprentice like me :-D


Thanks

Stef
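One thing to check in the posted script is rule order: netfilter walks a chain top to bottom and stops at the first terminating target, so with the REJECT for ports :1023 placed ahead of the multiport ACCEPT, the ACCEPT rules for domain, www and pop3 can never match a datagram that the REJECT already covers. The same ruleset with the two blocks swapped, as an added example that is not part of the original post; it keeps the poster's variable names, uses the short multiport option names --dports/--sports, and defaults IPT to "echo iptables" so it only prints the commands (set IPT=iptables as root to load them).

```sh
#!/bin/sh
# Added example, not the original poster's script: same policy, but the
# ACCEPT rules for the allowed services come BEFORE the catch-all REJECT,
# because netfilter stops at the first terminating target in a chain.
# IPT defaults to "echo iptables" so the rules are only printed; run with
# IPT=iptables (as root) to actually load them.
IPT="${IPT:-echo iptables}"
DSLIFACE="eth0"
ANYADDR="0/0"
UDP="domain,www,pop3"

udp_rules() {
    # $IPT is deliberately unquoted so "echo iptables" splits into two words.
    $IPT -F
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT

    # 1. Allowed services first. With the REJECT for :1023 ahead of these,
    #    a datagram to/from port 53 (domain) would hit the REJECT and the
    #    ACCEPT below it would be dead code.
    $IPT -A INPUT  -p udp -i "$DSLIFACE" -d "$ANYADDR" \
        -m multiport --dports "$UDP" -j ACCEPT
    $IPT -A OUTPUT -p udp -o "$DSLIFACE" -s "$ANYADDR" \
        -m multiport --sports "$UDP" -j ACCEPT

    # 2. Then reject everything else in the well-known range 0-1023.
    $IPT -A INPUT  -p udp -i "$DSLIFACE" -d "$ANYADDR" \
        --dport :1023 -j REJECT
    $IPT -A OUTPUT -p udp -o "$DSLIFACE" -s "$ANYADDR" \
        --sport :1023 -j REJECT
}

# Sanity check on the printed rules (echo mode only): returns 0 when the
# first ACCEPT rule for the given chain precedes its first REJECT rule.
rule_order_ok() {
    chain="$1"
    udp_rules | awk -v chain="$chain" '
        $3 == chain && /-j ACCEPT/ && !a { a = NR }
        $3 == chain && /-j REJECT/ && !r { r = NR }
        END { exit !(a && r && a < r) }'
}

udp_rules
```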