* Pedro Corte-Real (typo@netcabo.pt) [010916 16:29]:
> I've had to close some UDP ports on my firewall box that were being wrongly
> exported. I did it with the following rules:
>
> Chain input (policy ACCEPT):
> target  prot opt    source       destination  ports
> ACCEPT  udp  ------ localnet/24  anywhere     any -> any
> ACCEPT  udp  ------ localhost    anywhere     any -> any
> REJECT  udp  ------ anywhere     anywhere     any -> 1:1024
> REJECT  udp  ------ anywhere     anywhere     any -> icpv2
>
> This blocks ports 1 - 1024 and 3130 except for the localnet.
>
> Is this the right way to do it?

Right enough. I'd prefer to see it like this:

Chain input (policy REJECT):
target  prot opt    source       destination  ports
ACCEPT  udp  ------ localnet/24  anywhere     any -> any
ACCEPT  udp  ------ localhost    anywhere     any -> any
REJECT  udp  ------ anywhere     anywhere     any -> icpv2
ACCEPT  udp  ------ anywhere     anywhere     any -> 1024:65535

but that's just me. It should have the same effect; I'm just never content to see policy ACCEPT.

-- 
Vineet
http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
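An added example, not part of either message above: a small first-match simulator for the two ipchains "input" chains in the thread, so the difference between a default-ACCEPT and a default-REJECT policy can be checked against concrete packets. The post never says what "localnet/24" is, so 192.168.1.0/24 is assumed here, along with 127.0.0.0/8 for localhost and 3130 for the icpv2 service name; the outside source address 203.0.113.7 is constructed. Only UDP destination ports are modelled, which is all the rules shown match on. Running it shows that the two chains decide identically for an outside host on every destination port except 1024, which lies inside both the first chain's REJECT range 1:1024 and the second chain's ACCEPT range 1024:65535, and that the default-REJECT chain fails closed for any packet no rule claims.

```python
"""First-match simulation of the two ipchains 'input' chains from the thread.

Added example, not from the original messages. Assumptions: localnet/24 is
192.168.1.0/24, localhost is 127.0.0.0/8, icpv2 is UDP port 3130.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOCALNET = ipaddress.ip_network("192.168.1.0/24")   # assumed; the post only says localnet/24
LOCALHOST = ipaddress.ip_network("127.0.0.0/8")     # assumed
ICPV2 = 3130                                        # /etc/services name used in the post


@dataclass(frozen=True)
class Rule:
    target: str                               # "ACCEPT" or "REJECT"
    source: Optional[ipaddress.IPv4Network]   # None means 'anywhere'
    dports: Optional[Tuple[int, int]]         # inclusive destination port range; None means 'any'

    def matches(self, src: ipaddress.IPv4Address, dport: int) -> bool:
        if self.source is not None and src not in self.source:
            return False
        if self.dports is not None and not (self.dports[0] <= dport <= self.dports[1]):
            return False
        return True


@dataclass(frozen=True)
class Chain:
    policy: str               # verdict when no rule matches
    rules: Tuple[Rule, ...]   # evaluated top to bottom, first match wins

    def decide(self, src: str, dport: int) -> str:
        addr = ipaddress.ip_address(src)
        for rule in self.rules:
            if rule.matches(addr, dport):
                return rule.target
        return self.policy


# Pedro's chain: accept locals, reject 1:1024 and icpv2 from anywhere, accept the rest.
ORIGINAL = Chain("ACCEPT", (
    Rule("ACCEPT", LOCALNET, None),
    Rule("ACCEPT", LOCALHOST, None),
    Rule("REJECT", None, (1, 1024)),
    Rule("REJECT", None, (ICPV2, ICPV2)),
))

# Vineet's chain: same accepts, reject icpv2, accept high ports, reject everything else.
PREFERRED = Chain("REJECT", (
    Rule("ACCEPT", LOCALNET, None),
    Rule("ACCEPT", LOCALHOST, None),
    Rule("REJECT", None, (ICPV2, ICPV2)),
    Rule("ACCEPT", None, (1024, 65535)),
))


def external_disagreements(src: str = "203.0.113.7") -> List[int]:
    """Destination ports on which the two chains disagree for an outside host."""
    return [p for p in range(1, 65536)
            if ORIGINAL.decide(src, p) != PREFERRED.decide(src, p)]


if __name__ == "__main__":
    # Constructed sample packets: (source address, UDP destination port).
    samples = [("192.168.1.10", 53), ("127.0.0.1", 3130), ("203.0.113.7", 53),
               ("203.0.113.7", 3130), ("203.0.113.7", 8000), ("203.0.113.7", 1024)]
    for src, port in samples:
        print(f"{src:>14} -> udp/{port:<5} original={ORIGINAL.decide(src, port):<6} "
              f"preferred={PREFERRED.decide(src, port)}")
    print("ports where the chains disagree for an outside host:", external_disagreements())
```

The ordering matters in both chains: a localhost packet to port 3130 is accepted because the localhost ACCEPT rule sits above the icpv2 REJECT. The boundary port 1024 is the one place the two listings differ, so anyone copying Vineet's version while wanting Pedro's exact behaviour would start the final ACCEPT at 1025.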