Mailinglist Archive: opensuse-security (487 mails)
| < Previous | Next > |
Re: [suse-security] UDP wide open?!?!?
- From: Anders Johansson <andjoh@xxxxxxxxxx>
- Date: Thu, 31 Oct 2002 00:33:39 +0100
- Message-id: <200210310033.39719.andjoh@xxxxxxxxxx>
On Thursday 31 October 2002 00.27, Anders Johansson wrote:
<snip>
Also, if I'm reading this correctly
*)
test "$DONE_ALL" = yes || for CHAIN in input_int input_dmz
input
_ext; do
$LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp
--sp
ort $j --dport 1024:65535
$IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state
NEW,ESTABL
ISHED,RELATED -p udp --sport $j --dport 1024:65535
done
;;
It looks like if you have anything unrecognized (like "domain" or "ntp") then
all high udp ports will be open
<snip>
Also, if I'm reading this correctly
*)
test "$DONE_ALL" = yes || for CHAIN in input_int input_dmz
input
_ext; do
$LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp
--sp
ort $j --dport 1024:65535
$IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state
NEW,ESTABL
ISHED,RELATED -p udp --sport $j --dport 1024:65535
done
;;
It looks like if you have anything unrecognized (like "domain" or "ntp") then
all high udp ports will be open
| < Previous | Next > |