yes, outbound UDP through the NAT layer adds an entry to the tracking table
which expires after some time.
this sorta explains it...
https://www.linuxtopia.org/Linux_Firewall_iptables/x1544.html
On Tue, May 26, 2020 at 12:59 PM Kenneth Porter <shiva@xxxxxxxxxxxxxxx>
wrote:
> I figure that TCP is easy: Add a rule to the forward chain to allow SYN
> packets. There's already connection tracking to handle established
> connections. Does connection tracking handle UDP? If I allow all UDP
> from the LAN interface and one sends a DNS query from LAN to WAN, will
> the reply get back? I don't want to blanket authorize all UDP. ICMPv6,
> maybe, to allow traceroutes. Unless that's also handled by the tracking
> system.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
--
-john r pierce
recycling used bits in santa cruz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
