* Iptables udp ports advice
@ 2014-04-28  8:55 Dmitry Korzhevin
  0 siblings, 0 replies; only message in thread
From: Dmitry Korzhevin @ 2014-04-28  8:55 UTC (permalink / raw)
  To: netfilter-devel

Hi,

Thank you for the answer! Can you please advise on the best way to do the following:

I have the following services working with UDP:

netstat -ulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:500             0.0.0.0:*                           22822/charon
udp        0      0 0.0.0.0:1701            0.0.0.0:*                           3023/xl2tpd
udp        0      0 162.243.246.152:6000    0.0.0.0:*                           22931/openvpn
udp        0      0 0.0.0.0:4500            0.0.0.0:*                           22822/charon
udp6       0      0 :::500                  :::*                                22822/charon
udp6       0      0 :::4500                 :::*                                22822/charon


Can you please advise the best option to allow these services and block all
other UDP?

I use the following rules:

iptables -I OUTPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 2 -p udp --dport 1701 -j ACCEPT
iptables -I OUTPUT 3 -p udp -m udp --dport 1812 -j ACCEPT
iptables -I OUTPUT 4 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 6000 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 500 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 4500 -j ACCEPT
iptables -I OUTPUT 10 -p udp -j DROP


Best Regards,
Dmitry

---
Dmitry KORZHEVIN
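The allow-list asked about above, as an added example that is not code from this thread or from the netfilter project: a POSIX sh function that turns `netstat -ulpn` output into inbound (INPUT) ACCEPT rules for the listed sockets, a conntrack rule so replies to the host's own outgoing UDP (DNS answers, for instance) still get in, and a final DROP for every other UDP packet in each address family. It only prints the commands rather than running them; the sample input is constructed from the listing in the message, and the IPv4 address, ports and program names are taken from it.

```shell
#!/bin/sh
# Added example: derive an inbound UDP allow-list from `netstat -ulpn` output.
# Nothing is applied to the kernel; the iptables/ip6tables commands are printed.

# Constructed sample input, copied from the listing in the message above.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp        0      0 0.0.0.0:500             0.0.0.0:*   22822/charon
udp        0      0 0.0.0.0:1701            0.0.0.0:*   3023/xl2tpd
udp        0      0 162.243.246.152:6000    0.0.0.0:*   22931/openvpn
udp        0      0 0.0.0.0:4500            0.0.0.0:*   22822/charon
udp6       0      0 :::500                  :::*        22822/charon
udp6       0      0 :::4500                 :::*        22822/charon'

# udp_allow_rules: read netstat -ulpn lines on stdin; print one ACCEPT per
# listening UDP socket, then (per family) an ESTABLISHED,RELATED rule for
# replies to our own outgoing UDP and a DROP for everything else.
udp_allow_rules() {
    seen4=0; seen6=0
    while read -r proto _ _ local _ prog; do
        case "$proto" in
            udp)  tool=iptables;  seen4=1 ;;
            udp6) tool=ip6tables; seen6=1 ;;
            *)    continue ;;           # header lines and anything else
        esac
        port=${local##*:}               # text after the last colon
        addr=${local%:*}                # everything before it
        case "$addr" in
            0.0.0.0|::) dst="" ;;           # wildcard bind: match any local address
            *)          dst=" -d $addr" ;;  # bound to one address: restrict to it
        esac
        # prog is "PID/name"; keep only the name as a rule comment.
        printf '%s -A INPUT -p udp%s --dport %s -m comment --comment %s -j ACCEPT\n' \
            "$tool" "$dst" "$port" "${prog#*/}"
    done
    if [ "$seen4" -eq 1 ]; then
        echo 'iptables -A INPUT -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        echo 'iptables -A INPUT -p udp -j DROP'
    fi
    if [ "$seen6" -eq 1 ]; then
        echo 'ip6tables -A INPUT -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        echo 'ip6tables -A INPUT -p udp -j DROP'
    fi
}

printf '%s\n' "$NETSTAT_SAMPLE" | udp_allow_rules
```

Review the printed rules before loading them, since the DROP lines are appended after whatever is already in INPUT; outbound UDP (the OUTPUT chain in the rules above) is a separate policy and is not generated here.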
