[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems filtering UDP with Netfilter

> iptables -A INPUT --protocol udp -i $DSLIFACE -d $ANYADDR \
>     --destination-port :1023 -j REJECT
> iptables -A OUTPUT --protocol udp -o $DSLIFACE -s $ANYADDR \
>     --source-port :1023 -j REJECT

all connections to low ports are rejectet at this point. So the next rule
will never match.
you have to put the ACCEPT-line before the REJECT-line

my setup is like this:

ACCEPT.....for everything i want to allow
DROP....all that didn't match so far

> # Allow UDP datagrams in and out on the allowed ports
> iptables -A INPUT --match multiport --protocol udp -i $DSLIFACE \
>     -d $ANYADDR --destination-port $UDP -j ACCEPT
> iptables -A OUTPUT --match multiport --protocol udp -o $DSLIFACE \
>     -s $ANYADDR --source-port $UDP -j ACCEPT
> I've been searching all over the web for information on Netfilter and
> how I could accomplish my goals with it. So far I've come up with more
> troubleshooting then anything else. I'm hoping that one of you experts
> might have some advice for an apprentice like me :-D

IMHO the only thing you need to read is:


> Thanks
> Stef
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: