Re: Problems filtering UDP with Netfilter

To: Stefan Srdic <linuxbox@telusplanet.net>
Cc: debian-firewall@lists.debian.org
Subject: Re: Problems filtering UDP with Netfilter
From: "Michel D'HOOGE" <michel.dhooge@trialog.com>
Date: Fri, 08 Jun 2001 09:56:50 +0200
Message-id: <3B208542.23895873@trialog.com>
References: <3B200E7A.B7B525C4@telusplanet.net>

Stefan Srdic wrote:
> 
> I'm attempting to filter all UDP datagrams under the 1023 port range.
> When I use the script below I cannot ping my ISP's web site or even surf
> the net. DO I have a malformed chain or am I missing an essential
> service?

[I only know ipchains but there is no reason that the behaviour is
different with iptables]
You're missing the essential fact that as soon as a rule matches, all
the following rules are ignored. You're thinking the other way: "the
last rule that matches prevails".

In another thread that you started, "Laurence J. Lane" wrote:
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.
                                              ^
----------------------------------------------!
 

> > > Try "#!/bin/sh -x" instead.

BTW, "man sh" explains -x on the second page!

Reply to:

Follow-Ups:
- Re: Problems filtering UDP with Netfilter
  - From: Stefan Srdic <linuxbox@telusplanet.net>

References:
- Problems filtering UDP with Netfilter
  - From: Stefan Srdic <linuxbox@telusplanet.net>

Prev by Date: Re: Building Debian firewall
Next by Date: Re: Problems filtering UDP with Netfilter
Previous by thread: Problems filtering UDP with Netfilter
Next by thread: Re: Problems filtering UDP with Netfilter
Index(es):
- Date
- Thread