I've had to close some udp ports on my firewall box that were being wrongly
exported. I did it with the following rules:

Chain input (policy ACCEPT):
target     prot opt     source       destination  ports
ACCEPT     udp  ------  localnet/24  anywhere     any -> any
ACCEPT     udp  ------  localhost    anywhere     any -> any
REJECT     udp  ------  anywhere     anywhere     any -> 1:1024
REJECT     udp  ------  anywhere     anywhere     any -> icpv2

This blocks ports 1 - 1024 and 3130 except for the localnet.
Is this the right way to do it?
The services are the udp portions of samba, dhcp and squid (icpv2).
I thought they were binding only to the internal interface, but they weren't.
How can I stop this? Samba is running from rlinetd, and both dhcp and squid
are standalone servers.
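
Added example, not part of the original post: a check for the situation described above, listing UDP sockets in the rejected range (1-1024 and 3130) that are bound to the wildcard address instead of one interface. It parses the Linux /proc/net/udp format; the sample table, the 192.168.1.1 internal address and the little-endian host are assumptions.

```python
import ipaddress
import os

# Constructed sample in /proc/net/udp layout (trailing columns omitted).
# Addresses are hex in host byte order; a little-endian host is assumed.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 00000000:0089 00000000:0000 07 00000000:00000000 00:00000000 00000000     0
   1: 0101A8C0:008A 00000000:0000 07 00000000:00000000 00:00000000 00000000     0
   2: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0
   3: 00000000:0C3A 00000000:0000 07 00000000:00000000 00:00000000 00000000     0
   4: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0
"""


def parse_udp_table(text):
    """Return a list of (IPv4Address, port) for each socket row."""
    sockets = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if len(hex_ip) != 8:                    # ignore non-IPv4 rows
            continue
        raw = int(hex_ip, 16).to_bytes(4, "little")
        sockets.append((ipaddress.IPv4Address(raw), int(hex_port, 16)))
    return sockets


def in_rejected_range(port):
    """Ports covered by the REJECT rules in the post: 1-1024 and 3130."""
    return 1 <= port <= 1024 or port == 3130


def wildcard_bound_ports(text):
    """Ports in the rejected range whose socket listens on 0.0.0.0."""
    return sorted(port for ip, port in parse_udp_table(text)
                  if ip.is_unspecified and in_rejected_range(port))


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE
    for port in wildcard_bound_ports(table):
        print(f"udp/{port} is bound to 0.0.0.0 (all interfaces)")
```

A port listed here is reachable on every interface unless a filter rule stops it, so the REJECT rules remain the only barrier for that service.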