
Re: Problems filtering UDP with Netfilter



<snip>
> iptables -A INPUT --protocol udp -i $DSLIFACE -d $ANYADDR \
>     --destination-port :1023 -j REJECT
> iptables -A OUTPUT --protocol udp -o $DSLIFACE -s $ANYADDR \
>     --source-port :1023 -j REJECT

All connections to low ports are rejected at this point, so the next rule
will never match.
You have to put the ACCEPT line before the REJECT line.

My setup is like this:

ACCEPT
ACCEPT
ACCEPT ..... for everything I want to allow
LOG
DROP ..... all that didn't match so far

>
> # Allow UDP datagrams in and out on the allowed ports
>
> iptables -A INPUT --match multiport --protocol udp -i $DSLIFACE \
>     -d $ANYADDR --destination-port $UDP -j ACCEPT
> iptables -A OUTPUT --match multiport --protocol udp -o $DSLIFACE \
>     -s $ANYADDR --source-port $UDP -j ACCEPT
>
> I've been searching all over the web for information on Netfilter and
> how I could accomplish my goals with it. So far I've come up with more
> troubleshooting than anything else. I'm hoping that one of you experts
> might have some advice for an apprentice like me :-D

IMHO the only thing you need to read is:

http://netfilter.samba.org/unreliable-guides/


>
>
> Thanks
>
> Stef
>
>

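Worked example added by the editor, not code from the original thread: the rule order the reply recommends (explicit ACCEPTs first, then LOG, then a catch-all DROP) written as a POSIX shell script, next to the ordering from the quoted script (REJECT on low ports first) for comparison. By default it prints the iptables commands instead of running them, so it can be inspected without root. The variable names $DSLIFACE, $ANYADDR and $UDP follow the quoted script; their values, the 5/min log limit and the accepts_first check are assumptions made for this example.

```shell
#!/bin/sh
# Editor's example, not from the original thread.
DSLIFACE=${DSLIFACE:-ppp0}   # assumed interface name
ANYADDR=0.0.0.0/0
UDP=53,123                   # constructed sample: DNS and NTP

# Dry run unless DRYRUN=0: echo the commands instead of programming the kernel.
DRYRUN=${DRYRUN:-1}
ipt() {
    if [ "$DRYRUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Correct order: iptables stops at the first matching rule in a chain,
# so the ACCEPTs must come before anything that would swallow the packet.
udp_rules() {
    # 1. ACCEPT everything explicitly allowed.
    ipt -A INPUT  -i "$DSLIFACE" -p udp -m multiport -d "$ANYADDR" --dports "$UDP" -j ACCEPT
    ipt -A OUTPUT -o "$DSLIFACE" -p udp -m multiport -s "$ANYADDR" --sports "$UDP" -j ACCEPT
    # 2. LOG what did not match, rate-limited so a flood cannot fill the disk.
    ipt -A INPUT  -i "$DSLIFACE" -p udp -m limit --limit 5/min -j LOG --log-prefix "udp-in-drop: "
    ipt -A OUTPUT -o "$DSLIFACE" -p udp -m limit --limit 5/min -j LOG --log-prefix "udp-out-drop: "
    # 3. DROP all that did not match so far.
    ipt -A INPUT  -i "$DSLIFACE" -p udp -j DROP
    ipt -A OUTPUT -o "$DSLIFACE" -p udp -j DROP
}

# The ordering from the quoted script: the REJECT on ports 0-1023 is hit
# first, so the ACCEPT for DNS (53) and NTP (123) below it never matches.
broken_rules() {
    ipt -A INPUT -i "$DSLIFACE" -p udp -d "$ANYADDR" --dport :1023 -j REJECT
    ipt -A INPUT -i "$DSLIFACE" -p udp -m multiport -d "$ANYADDR" --dports "$UDP" -j ACCEPT
}

# accepts_first RULEFUNC CHAIN: returns 0 when every ACCEPT rule that
# RULEFUNC emits for CHAIN comes before the first non-ACCEPT rule for it.
accepts_first() {
    "$1" | grep -- "-A $2 " | awk -v ok=1 '
        /-j ACCEPT/  { if (seen_other) ok = 0 }
        !/-j ACCEPT/ { seen_other = 1 }
        END { exit ok ? 0 : 1 }'
}

udp_rules
```

Run it as `sh udp-rules.sh` to review the generated commands, or `DRYRUN=0 sh udp-rules.sh` as root to load them; `accepts_first broken_rules INPUT` fails while `accepts_first udp_rules INPUT` succeeds, which is the whole point of the reply.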