Hello,

On Thu, 22 Jul 2004 10:43:07 +0500 Askar Ali Khan <askarali@xxxxxxxxx> wrote:

> Or we are unnecessarily repeating it on some chains/tables.

Yes, here:

> iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP

You already have that in your INPUT chain. Always stick to the 'filter' table for filtering.

I also think Windows uses only UDP (quite sure) on ports 137:138 (not sure).

Why don't you go for a default DROP policy with ACCEPT rules?

Kind regards,
Leslie
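
Added example, not part of the original message: a small lint for a script of iptables commands that reports DROP rules placed outside the 'filter' table and notes when the same match already exists in filter/INPUT, as with the two nat rules quoted above. The INPUT rules and the port 23 rule in the sample are constructed, `lint_rules` and `sample_rules` are hypothetical names, and only `-A` rules with simple matches are handled.

```shell
#!/bin/sh
# lint_rules: read iptables command lines on stdin and print one finding per
# DROP rule that lives outside the 'filter' table. nat chains see only the
# first packet of each connection, so they are the wrong place to filter.
lint_rules() {
    awk '
    $1 != "iptables" { next }                 # skip comments and other commands
    {
        table = "filter"; chain = ""; target = ""; key = ""
        for (i = 2; i <= NF; i++) {
            if      ($i == "-t") { i++; table  = $i }
            else if ($i == "-A") { i++; chain  = $i }
            else if ($i == "-j") { i++; target = $i }
            else if ($i == "-p") { i++; key = key " -p " tolower($i) }
            else if (($i == "-s" || $i == "-d") &&
                     ($(i+1) == "0/0" || $(i+1) == "0.0.0.0/0")) i++  # match-all, ignore
            else key = key " " $i
        }
        if (target != "DROP") next
        if (table == "filter") { seen[chain key] = 1; next }
        n++; tbl[n] = table; ch[n] = chain; k[n] = key
    }
    END {
        # Report at the end so filter rules that appear later in the script count.
        for (j = 1; j <= n; j++) {
            idx = "INPUT" k[j]
            note = (idx in seen) ? "duplicates filter/INPUT" : "move to filter table"
            print tbl[j] "/" ch[j] ": DROP" k[j] " (" note ")"
        }
    }'
}

# Sample input. The INPUT rules and the port 23 rule are constructed; the
# poster's own INPUT chain is not shown in the thread.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --dport 135:140 -j DROP
iptables -A INPUT -p udp --dport 135:140 -j DROP
# the two nat rules quoted in the reply
iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
# constructed: a nat DROP with no filter counterpart
iptables -t nat -A PREROUTING -p tcp --dport 23 -j DROP
EOF
}

sample_rules | lint_rules
```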