FC-5 iptables question
Brian Chadwick
brianchad at westnet.com.au
Tue Aug 1 03:52:31 UTC 2006
Hi Peter,
I'm no expert, but as far as I know UDP is stateless .... so inspection
of flags like NEW would be meaningless.
Let's see what others say.
Peter Horst wrote:
> Sorry, kind of a dumb question. I'm trying to open a port to allow
> DNS traffic (port 53, UDP and TCP). I tried a quick nmap from outside
> my network, and though the tcp port shows up open, there's no reading
> from the udp port. How can I tell if I've opened the port correctly?
> Here's what I think is the relevant output from 'service iptables
> status' - does this look right? Thanks much...
>
> Chain RH-Firewall-1-INPUT (2 references)
> num  target  prot opt source     destination
> 1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
> 2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0    icmp type 255
> 3    ACCEPT  esp  --  0.0.0.0/0  0.0.0.0/0
> 4    ACCEPT  ah   --  0.0.0.0/0  0.0.0.0/0
> 5    ACCEPT  udp  --  0.0.0.0/0  224.0.0.251  udp dpt:5353
> 6    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    udp dpt:53
> 7    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    tcp dpt:53
> 8    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    udp dpt:631
> 9    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    tcp dpt:631
> 10   ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
> 11   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
> 12   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:25
> 13   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:80
> 14   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:443
> 15   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:53
> 16   ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    state NEW udp dpt:53
> 17   REJECT  all  --  0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited
>
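
One way to check the UDP side of port 53 from outside the network, as an added example that is not part of the original posts: UDP has no handshake, so the probe sends a real DNS query and classifies what comes back. The function names, the queried name `example.com` and the result labels are assumptions of this sketch, and the ICMP-to-error mapping relies on a connected UDP socket as implemented on Linux.

```python
import socket
import struct
import sys

def build_query(name="example.com", qid=0x1234):
    """Minimal DNS query: 12-byte header plus one A/IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_udp_dns(host, port=53, timeout=2.0, qid=0x1234):
    """Classify a UDP DNS port as 'open', 'rejected', 'no-reply' or 'unexpected-reply'."""
    query = build_query(qid=qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach recv()
        try:
            s.send(query)
            data = s.recv(512)
        except socket.timeout:
            # Nothing came back: the packet was dropped, or no resolver answered.
            return "no-reply"
        except OSError:
            # An ICMP unreachable came back: port closed, or a REJECT rule such
            # as the listing's final icmp-host-prohibited rule matched.
            return "rejected"
    # A real answer echoes our query ID and has the QR (response) bit set.
    if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
        return "open"
    return "unexpected-reply"

if __name__ == "__main__":
    # The target is supplied by you: the address of your own DNS server.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_udp_dns(target))
```

A result of `open` means the query passed the firewall and a resolver answered; `no-reply` cannot by itself separate a dropped packet from a server that is not listening on UDP.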