block K5 listening UDP PUBLIC port using iptables – how?


This topic contains 0 replies, has 0 voices, and was last updated by  tls 2 years, 10 months ago.

    #43630

    tls
    Member

    I have been trying to block the input or output of K5 using IPtables to shield on my PUBLIC IP – security reasons. I have tried all manner of rules for the UDP, but I can’t get the config right. I was able to block the IP tcp port with ease.

    I know there is no way to alter the binding, at least I was not able to find it.

    Any help doing this would be great.

    Rule for IP (this works):

    -A INPUT -i ETH00 -p tcp -m tcp --dport 749 -j DROP

    Rules I have tried for UDP:

    -A INPUT -i ETH00 -p udp -m state --state UNTRACKED -m udp --sport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m udp --sport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state UNTRACKED -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state NEW -m udp --dport 88 -j DROP
    -A INPUT -p udp -m state --state ESTABLISHED -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state RELATED -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state INVALID -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state INVALID,NEW,RELATED,ESTABLISHED,UNTRACKED -m udp --dport 88 -j DROP
    -A INPUT -i ETH00 -p udp -m state --state INVALID,NEW,RELATED,ESTABLISHED,UNTRACKED -m udp --sport 88 -j DROP

    I am testing with this nmap command:
    nmap -p 88 -sU -P0 xxx.yyy.zzz.aaa

    Thanks,
    tls

    #52722

    hvgsit
    Participant

    Just found your post and had the same issue.

    What worked for me was the following firewall rules, done in the web interface in the INPUT chain:

    ppp0 * REJECT tcp opt -- in ppp0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:749 reject-with icmp-port-unreachable
    ppp0 * REJECT udp opt -- in ppp0 out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:88 reject-with icmp-port-unreachable

    Confirmed working on external ip with

    nmap -p749 -sUT x.x.x.x

    and

    nmap -p88 -sUT x.x.x.x
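The following is an added example, not code from either post or from ZeroShell: a POSIX shell script that prints the two INPUT rules the second post arrived at (in `iptables -S` syntax) for a given public interface, and audits a saved rule listing for them without touching the live firewall. The interface names and the sample rule listing are constructed; the audit deliberately ignores `--sport 88` rules, since on INPUT those only match replies coming from a KDC, not queries sent to it.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes the public interface
# name is passed as $1 and that rule text is in "iptables -S" form.

# Print the two INPUT rules for blocking Kerberos (88/udp) and kadmin (749/tcp)
# on the public interface. REJECT with icmp-port-unreachable makes an external
# "nmap -sU" report the port as closed; a plain DROP produces no reply, which
# nmap can only show as the ambiguous "open|filtered".
k5_block_rules() {
    iface="$1"
    printf '%s\n' "-A INPUT -i $iface -p tcp -m tcp --dport 749 -j REJECT --reject-with icmp-port-unreachable"
    printf '%s\n' "-A INPUT -i $iface -p udp -m udp --dport 88 -j REJECT --reject-with icmp-port-unreachable"
}

# Audit: read "iptables -S INPUT" text from stdin and succeed (exit 0) only if
# both Kerberos ports are blocked for inbound traffic on the given interface.
# Only --dport matches count; --sport 88 would not stop inbound queries.
k5_audit() {
    iface="$1"
    rules=$(cat)
    udp_hits=$(printf '%s\n' "$rules" | grep -E "^-A INPUT .*-i $iface .*-p udp .*--dport 88 .*-j (DROP|REJECT)" | wc -l)
    tcp_hits=$(printf '%s\n' "$rules" | grep -E "^-A INPUT .*-i $iface .*-p tcp .*--dport 749 .*-j (DROP|REJECT)" | wc -l)
    [ "$udp_hits" -gt 0 ] && [ "$tcp_hits" -gt 0 ]
}

# Constructed sample listing: the tcp rule is right, but the udp rule matches
# the source port, so the audit must fail for it.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i ETH00 -p tcp -m tcp --dport 749 -j DROP
-A INPUT -i ETH00 -p udp -m udp --sport 88 -j DROP'
```

Run the generated rules through `k5_audit` to confirm they pass, and feed it the output of `iptables -S INPUT` on the box to check the live configuration.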
