* Iptables udp ports advice
@ 2014-04-28 8:55 Dmitry Korzhevin
From: Dmitry Korzhevin @ 2014-04-28 8:55 UTC (permalink / raw)
To: netfilter-devel
Hi,
Thank you for the answer! Can you please advise the best way to do the following:
I have these services working with UDP:
netstat -ulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address            Foreign Address   State   PID/Program name
udp        0      0 0.0.0.0:500              0.0.0.0:*                 22822/charon
udp        0      0 0.0.0.0:1701             0.0.0.0:*                 3023/xl2tpd
udp        0      0 162.243.246.152:6000     0.0.0.0:*                 22931/openvpn
udp        0      0 0.0.0.0:4500             0.0.0.0:*                 22822/charon
udp6       0      0 :::500                   :::*                      22822/charon
udp6       0      0 :::4500                  :::*                      22822/charon
Can you please advise the best option to allow these services and block all
other UDP?
I use the following rules:
iptables -I OUTPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 2 -p udp --dport 1701 -j ACCEPT
iptables -I OUTPUT 3 -p udp -m udp --dport 1812 -j ACCEPT
iptables -I OUTPUT 4 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 6000 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 500 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 4500 -j ACCEPT
iptables -I OUTPUT 10 -p udp -j DROP
Best Regards,
Dmitry
---
Dmitry KORZHEVIN
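An added example, not part of the message above, showing one way to express the allow-list the poster is after. The rules in the message are placed in the OUTPUT chain with --dport, which matches datagrams this host sends to those ports; the listening services in the netstat output receive traffic, so the allow rules belong in INPUT, with conntrack accepting the replies to the host's own outbound lookups (DNS, RADIUS 1812/1813) instead of a per-port OUTPUT rule for each. Appending with -A keeps the final DROP after every ACCEPT, which a fixed -I index cannot guarantee once other rules exist. The port list is constructed from the netstat listing; the IPT variable and the helper functions are this example's own, and by default the commands are only printed so the script can be reviewed before it is run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example (not from the original message): build an INPUT-chain
# allow-list for the listening UDP services shown in the netstat output
# and drop every other inbound UDP datagram.
# Dry run by default; set IPT=iptables (as root) to apply the rules.
IPT="${IPT:-echo iptables}"

# Constructed from the netstat listing: port[/bind-address].
# charon (IKE/NAT-T) and xl2tpd listen on all addresses; openvpn only on
# 162.243.246.152, so that rule is restricted to the bound address.
UDP_SERVICES="500 4500 1701 6000/162.243.246.152"

udp_input_rules() {
    # Replies to traffic this host originated (DNS queries, RADIUS to
    # 1812/1813, ...) are accepted by connection state, so no per-port
    # rules are needed for them.
    $IPT -A INPUT -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # One ACCEPT per listening service, matched on the destination port
    # (and, where the service binds a single address, on that address).
    for entry in $UDP_SERVICES; do
        port=${entry%%/*}
        addr=${entry#*/}
        if [ "$addr" = "$entry" ]; then
            $IPT -A INPUT -p udp -m conntrack --ctstate NEW \
                --dport "$port" -j ACCEPT
        else
            $IPT -A INPUT -d "$addr" -p udp -m conntrack --ctstate NEW \
                --dport "$port" -j ACCEPT
        fi
    done

    # Everything else over UDP is dropped. Appended last so it can never
    # shadow an ACCEPT above it.
    $IPT -A INPUT -p udp -j DROP
}

# Helper used for checking: number of rules the function emits.
count_udp_rules() {
    udp_input_rules | wc -l | tr -d ' '
}

udp_input_rules
```

charon also listens on udp6 :::500 and :::4500, so the same ACCEPT/DROP pattern has to be applied with ip6tables (IPT="ip6tables" and the 500/4500 entries only) or inbound IKE over IPv6 stays open to the default policy.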