[oclug] ipchains question
Michael P. Soulier
michael.soulier at home.com
Sat Aug 11 14:20:48 EDT 2001
Hey people.
My firewall rules include the following:
$ipchains -A input -p udp -d $ipexternal/32 1024:65535 -i eth0 -j ACCEPT
This is to allow UDP traffic on unprivileged ports. I decided to narrow
the range of this, but I ended up blocking DNS.
Is the above rule unsafe? Is there a way to restrict UDP traffic without
blocking DNS responses?
Thanks,
Mike
--
Michael P. Soulier <msoulier at storm.ca>
"With sufficient thrust, pigs fly just fine. However, this is not necessarily a
good idea. It is hard to be sure where they are going to land, and it could be
dangerous sitting under them as they fly overhead." -- RFC 1925
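
An added example, not part of the original post: ipchains does not track connections, so a DNS reply can only be recognised by its source address and source port 53. This script prints (it does not apply) rules that accept UDP to the unprivileged ports only from named resolvers and then deny and log the rest. The addresses are constructed placeholders, and `nameservers` and `extif` are assumed names alongside the post's `$ipchains` and `$ipexternal`.

```shell
#!/bin/sh
# Added example. Prints ipchains rules so they can be reviewed before use.
# All addresses below are constructed sample values, not from the post.

ipchains="${ipchains:-ipchains}"              # path to the ipchains binary
ipexternal="${ipexternal:-203.0.113.10}"      # external address (sample)
extif="${extif:-eth0}"                        # external interface
nameservers="${nameservers:-192.0.2.53 198.51.100.53}"   # resolvers (sample)

# One ACCEPT rule per resolver: UDP from <resolver>:53 to our high ports.
# The destination range stays 1024:65535 because the local resolver may
# send its query from any unprivileged port, and the reply comes back to it.
# Source port 53 can be forged, so this narrows exposure, it does not
# authenticate the sender.
dns_reply_rules() {
    for ns in $nameservers; do
        echo "$ipchains -A input -p udp -s $ns/32 53 -d $ipexternal/32 1024:65535 -i $extif -j ACCEPT"
    done
}

# Deny and log (-l) every other UDP packet aimed at the high ports.
# This must come after the ACCEPT rules: ipchains uses the first match.
other_udp_rule() {
    echo "$ipchains -A input -p udp -d $ipexternal/32 1024:65535 -i $extif -l -j DENY"
}

build_ruleset() {
    dns_reply_rules
    other_udp_rule
}

build_ruleset
```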