
Re: UDP firewalling



* Pedro Corte-Real (typo@netcabo.pt) [010916 16:29]:
> I've had to close some udp ports on my firewall box that were being wrongly 
> exported. I did it with the following rules:
> 
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports
> ACCEPT     udp  ------  localnet/24           anywhere              any -> any
> ACCEPT     udp  ------  localhost             anywhere              any -> any
> REJECT     udp  ------  anywhere              anywhere              any -> 1:1024
> REJECT     udp  ------  anywhere              anywhere              any -> icpv2
> 
> This blocks ports 1 - 1024 and 3130 except for the localnet.
> 
> Is this the right way to do it? 

right enough. I'd prefer to see it like this:

Chain input (policy REJECT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  localnet/24           anywhere              any -> any
ACCEPT     udp  ------  localhost             anywhere              any -> any
REJECT     udp  ------  anywhere              anywhere              any -> icpv2
ACCEPT     udp  ------  anywhere              anywhere              any -> 1024:65535

but that's just me. It should have the same effect; I'm just never
content to see policy ACCEPT.


-- 
Vineet                                   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\!             |tr 'a-zA-Z' 'n-za-mN-ZA-M'

Attachment: pgpAvBL8kBCb8.pgp
Description: PGP signature
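An added check, not part of either message in the thread: a small Python model of ipchains' first-match evaluation of the input chain (rules tried top to bottom, the chain policy applied when nothing matches, port ranges inclusive at both ends). It encodes the two UDP rule sets above and compares their verdicts for every destination port from three source classes. The local network address 192.168.1.0/24 and the three sample source addresses are assumptions, since the listings only show "localnet/24"; the icpv2 service name is taken as port 3130 as the first message states. Because the model covers the whole port range it also exercises the boundaries where the two listings are not identical: the first rejects 1:1024, while the second accepts 1024:65535, so port 1024 (and, under the REJECT policy, port 0) gets a different verdict from outside the local network.

```python
"""Model of ipchains first-match evaluation for the two UDP input chains.

Added example, not code from the original mail thread. Assumptions:
  - localnet/24 is 192.168.1.0/24 (the listing does not say which network)
  - icpv2 resolves to UDP port 3130, as stated in the first message
  - source addresses below are constructed for the comparison
"""
import ipaddress

LOCALNET = ipaddress.ip_network("192.168.1.0/24")   # assumption
LOCALHOST = ipaddress.ip_network("127.0.0.0/8")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")
ICPV2 = 3130                                         # /etc/services "icpv2"


def rule(target, source, dports):
    """One ipchains rule: target, source network, inclusive dest-port range."""
    return {"target": target, "source": source, "dports": dports}


# Pedro's chain: policy ACCEPT, explicit REJECTs for 1:1024 and icpv2.
ORIGINAL = ("ACCEPT", [
    rule("ACCEPT", LOCALNET, (0, 65535)),
    rule("ACCEPT", LOCALHOST, (0, 65535)),
    rule("REJECT", ANYWHERE, (1, 1024)),
    rule("REJECT", ANYWHERE, (ICPV2, ICPV2)),
])

# Vineet's chain: policy REJECT, explicit ACCEPT for 1024:65535 minus icpv2.
PROPOSED = ("REJECT", [
    rule("ACCEPT", LOCALNET, (0, 65535)),
    rule("ACCEPT", LOCALHOST, (0, 65535)),
    rule("REJECT", ANYWHERE, (ICPV2, ICPV2)),
    rule("ACCEPT", ANYWHERE, (1024, 65535)),
])


def verdict(chain, src, dport):
    """Walk the chain top to bottom; first matching rule wins, else policy."""
    policy, rules = chain
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        lo, hi = r["dports"]
        if src_ip in r["source"] and lo <= dport <= hi:
            return r["target"]
    return policy


def differences(chain_a, chain_b, sources):
    """Return (src, port, verdict_a, verdict_b) for every disagreement."""
    diffs = []
    for src in sources:
        for port in range(0, 65536):
            a, b = verdict(chain_a, src, port), verdict(chain_b, src, port)
            if a != b:
                diffs.append((src, port, a, b))
    return diffs


# Constructed sample sources: one local, one loopback, one external.
SOURCES = ["192.168.1.10", "127.0.0.1", "203.0.113.5"]

if __name__ == "__main__":
    for d in differences(ORIGINAL, PROPOSED, SOURCES):
        print("src=%s port=%d original=%s proposed=%s" % d)
```

Running it lists only the external source at ports 0 and 1024; every other (source, port) pair gets the same verdict from both chains. One more caveat the model does not cover, because the listings only show UDP rules: with the input policy switched to REJECT, any TCP or ICMP traffic that the chain does not explicitly accept is rejected too, so a real chain needs matching rules for those protocols before the policy is flipped.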

