Hi,

Thank you for the answer! Can you please advise me on the best way to do this? I have the following services working with UDP:

netstat -ulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address   State   PID/Program name
udp        0      0 0.0.0.0:500             0.0.0.0:*                 22822/charon
udp        0      0 0.0.0.0:1701            0.0.0.0:*                 3023/xl2tpd
udp        0      0 162.243.246.152:6000    0.0.0.0:*                 22931/openvpn
udp        0      0 0.0.0.0:4500            0.0.0.0:*                 22822/charon
udp6       0      0 :::500                  :::*                      22822/charon
udp6       0      0 :::4500                 :::*                      22822/charon

Can you please advise on the best option to allow these services and block all other UDP?

I use the following rules:

iptables -I OUTPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 2 -p udp --dport 1701 -j ACCEPT
iptables -I OUTPUT 3 -p udp -m udp --dport 1812 -j ACCEPT
iptables -I OUTPUT 4 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 6000 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 500 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 4500 -j ACCEPT
iptables -I OUTPUT 10 -p udp -j DROP

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
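
One way to express "allow these services, drop all other UDP" as a stateful allowlist, given as an added example that is not part of the original message: the script turns the `netstat -ulpn` listing above into `iptables`/`ip6tables` commands and only prints them. It assumes the listeners are reached through INPUT, that the host is a UDP client only for DNS and RADIUS (the `OUT_PORTS` variable, a name made up here), and that no earlier rule in either chain already matches UDP.

```shell
#!/bin/sh
# Added example: print (do not apply) a stateful UDP allowlist derived from
# `netstat -ulpn` output. Review the printed commands before running them.

# Sample input: the socket rows from the listing in the message above.
sample_netstat() {
cat <<'EOF'
udp 0 0 0.0.0.0:500 0.0.0.0:* 22822/charon
udp 0 0 0.0.0.0:1701 0.0.0.0:* 3023/xl2tpd
udp 0 0 162.243.246.152:6000 0.0.0.0:* 22931/openvpn
udp 0 0 0.0.0.0:4500 0.0.0.0:* 22822/charon
udp6 0 0 :::500 :::* 22822/charon
udp6 0 0 :::4500 :::* 22822/charon
EOF
}

# listening_ports PROTO: unique local ports of the "udp" or "udp6" rows.
listening_ports() {
    awk -v proto="$1" '$1 == proto { n = split($4, a, ":"); print a[n] }' |
        sort -n -u
}

# gen_rules: netstat output on stdin, firewall commands on stdout.
# OUT_PORTS (assumption): UDP ports this host contacts as a client,
# here DNS and RADIUS as in the OUTPUT rules quoted in the message.
gen_rules() {
    out_ports="${OUT_PORTS:-53 1812 1813}"
    input=$(cat)
    for pair in "iptables udp" "ip6tables udp6"; do
        set -- $pair; cmd=$1; proto=$2
        # Replies belong to a tracked flow, so match them by state:
        # a server's reply leaves with --sport 500, not --dport 500.
        echo "$cmd -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT"
        echo "$cmd -A OUTPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT"
        for p in $(printf '%s\n' "$input" | listening_ports "$proto"); do
            echo "$cmd -A INPUT -p udp --dport $p -j ACCEPT"
        done
        for p in $out_ports; do
            echo "$cmd -A OUTPUT -p udp --dport $p -j ACCEPT"
        done
        # Appended last, so the drops only see UDP nothing above accepted.
        echo "$cmd -A INPUT -p udp -j DROP"
        echo "$cmd -A OUTPUT -p udp -j DROP"
    done
}

sample_netstat | gen_rules
```

Using `-A` keeps the rule order identical to the order printed, which `-I` with repeated positions does not.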