Re: Problems filtering UDP with Netfilter
<snip>
> iptables -A INPUT --protocol udp -i $DSLIFACE -d $ANYADDR \
> --destination-port :1023 -j REJECT
> iptables -A OUTPUT --protocol udp -o $DSLIFACE -s $ANYADDR \
> --source-port :1023 -j REJECT

All connections to low ports are rejected at this point, so the next rule
will never match.
You have to put the ACCEPT line before the REJECT line.

My setup is like this:
ACCEPT
ACCEPT
ACCEPT.....for everything I want to allow
LOG
DROP....all that didn't match so far

>
> # Allow UDP datagrams in and out on the allowed ports
>
> iptables -A INPUT --match multiport --protocol udp -i $DSLIFACE \
> -d $ANYADDR --destination-port $UDP -j ACCEPT
> iptables -A OUTPUT --match multiport --protocol udp -o $DSLIFACE \
> -s $ANYADDR --source-port $UDP -j ACCEPT
>
> I've been searching all over the web for information on Netfilter and
> how I could accomplish my goals with it. So far I've come up with more
> troubleshooting than anything else. I'm hoping that one of you experts
> might have some advice for an apprentice like me :-D
IMHO the only thing you need to read is:
http://netfilter.samba.org/unreliable-guides/
>
>
> Thanks
>
> Stef
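The ordering described in the reply, applied to the rules quoted from the original post (an added example, not part of either message). The default values for DSLIFACE, ANYADDR and UDP, the log prefixes, and the `udp_rules` and `first_rule` helpers are assumptions made for illustration; by default the script only prints the commands so the order can be checked without root.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not applied.
# Run with IPT=iptables (as root) to load them.
IPT="${IPT:-echo iptables}"
DSLIFACE="${DSLIFACE:-ppp0}"      # assumed interface name
ANYADDR="${ANYADDR:-0.0.0.0/0}"   # assumed "any address" value
UDP="${UDP:-53,123}"              # assumed list of allowed UDP ports

udp_rules() {
    # 1. ACCEPT first: a chain is evaluated top to bottom and the first
    #    terminating target (ACCEPT/REJECT/DROP) ends the walk.
    $IPT -A INPUT --match multiport --protocol udp -i "$DSLIFACE" \
        -d "$ANYADDR" --destination-port "$UDP" -j ACCEPT
    $IPT -A OUTPUT --match multiport --protocol udp -o "$DSLIFACE" \
        -s "$ANYADDR" --source-port "$UDP" -j ACCEPT

    # 2. LOG is non-terminating, so the packet continues to the next rule.
    $IPT -A INPUT --protocol udp -i "$DSLIFACE" -d "$ANYADDR" \
        --destination-port :1023 -j LOG --log-prefix udp-in-low:
    $IPT -A OUTPUT --protocol udp -o "$DSLIFACE" -s "$ANYADDR" \
        --source-port :1023 -j LOG --log-prefix udp-out-low:

    # 3. The catch-all for low ports goes last (REJECT as in the original
    #    post; the reply's own setup uses DROP here).
    $IPT -A INPUT --protocol udp -i "$DSLIFACE" -d "$ANYADDR" \
        --destination-port :1023 -j REJECT
    $IPT -A OUTPUT --protocol udp -o "$DSLIFACE" -s "$ANYADDR" \
        --source-port :1023 -j REJECT
}

# Position (1-based, within chain $1) of the first rule with target $2.
first_rule() {
    udp_rules | grep -e "-A $1 " | grep -n -e "-j $2" | head -n 1 | cut -d: -f1
}

udp_rules
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows the loaded order and per-rule packet counters, which makes a rule that never matches easy to spot.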