UDP firewalling

To: debian-firewall@lists.debian.org
Subject: UDP firewalling
From: Pedro Corte-Real <typo@netcabo.pt>
Date: Mon, 17 Sep 2001 00:28:46 +0100
Message-id: <01091700284600.00385@planck>
Reply-to: debian-firewall@lists.debian.org

I've had to close some udp ports on my firewall box that were being wrongly 
exported. I did it with the following rules:

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  localnet/24          anywhere             any ->  any
ACCEPT     udp  ------  localhost            anywhere              any ->  any
REJECT     udp  ------  anywhere             anywhere             any->1:1024
REJECT     udp  ------  anywhere             anywhere             any -> icpv2

This blocks ports 1 - 1024 and 3130 except for the localnet.

Is this the right way to do it? 

The services are the udp portions of samba, dhcp and squid (icpv2).
I thought they were binding only to the internal interface but they weren't 
how can I stop this. Samba is running from rlinetd and both dhcp and squid 
are standalone servers. 

Greetings,

Pedro.

Reply to:

Follow-Ups:
- Re: UDP firewalling
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>

Prev by Date: Re: firewall scripts
Next by Date: Ingress filtering
Previous by thread: [no subject]
Next by thread: Re: UDP firewalling
Index(es):
- Date
- Thread