On Tuesday 03 August 2004 8:33 am, Dhananjoy Chowdhury wrote:

> On Tue, 2004-08-03 at 11:47, Antony Stone wrote:
> >
> > I disagree.
> >
> > Try ACCEPTing the packets you *want* to go through the firewall, and DROP
> > everything else.
>
> Your terminology is very much true but David has already applied the
> rule
> #iptables -A FORWARD -p udp -s 0/0 --dport 137 -j DROP

That is not the same rule as "iptables -I FORWARD......"

I suspect he has a rule somewhere in the ruleset which is allowing the packets (perhaps based on source address?), which adding a rule at the end will not solve. Putting the DROP rule at the top of the ruleset makes a big difference.

If the problem is packets to random destination ports, *from* UDP port 137, then it doesn't sound like what the ISP originally complained about, and what's the threat anyway (since destination port is what matters in terms of vulnerabilities and exploits)?

Regards,

Antony.

--
If the human brain were so simple that we could understand it, we'd be so simple that we couldn't.

Please reply to the list; please don't CC me.
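The point of the reply above is that an iptables chain is evaluated top to bottom and the first matching rule decides, so `-A` (append) and `-I` (insert at the top) give different results when an earlier rule already accepts the traffic. The following is an added example, not code from the list thread: a small Python simulation of first-match chain evaluation with a default policy. The ruleset (a trusting `-s 192.168.1.0/24 -j ACCEPT` rule placed earlier in FORWARD) and the packets are constructed for illustration; they are assumptions, not David's actual configuration. The `-s 0/0` in the quoted rule matches any source, so the simulated DROP rule leaves the source unconstrained.

```python
"""Simulation of iptables first-match evaluation: -A (append) vs -I (insert).

Added example; it does not call iptables. It models only -p, -s and --dport
matchers and a per-chain default policy, which is enough to show why a DROP
appended after an earlier ACCEPT never fires.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One rule; every matcher that is set must match, None means 'any'."""
    target: str
    proto: Optional[str] = None
    src: Optional[str] = None      # CIDR, like -s; None is equivalent to -s 0/0
    dport: Optional[int] = None    # like --dport; note: destination port only

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in \
                ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


class Chain:
    """A built-in chain: rules are tried in order, first match wins,
    otherwise the chain policy applies."""

    def __init__(self, name: str, policy: str = "ACCEPT") -> None:
        self.name = name
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:          # iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, rule: Rule, position: int = 1) -> None:  # iptables -I CHAIN [n] ...
        self.rules.insert(position - 1, rule)     # rule numbers are 1-based

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def build_forward(drop_at_top: bool) -> Chain:
    """Constructed FORWARD chain: an earlier source-based ACCEPT (the kind of
    rule the reply suspects), plus the NetBIOS DROP either appended or inserted."""
    chain = Chain("FORWARD", policy="DROP")
    chain.append(Rule("ACCEPT", src="192.168.1.0/24"))          # hypothetical LAN allow
    netbios_drop = Rule("DROP", proto="udp", dport=137)          # -p udp -s 0/0 --dport 137 -j DROP
    if drop_at_top:
        chain.insert(netbios_drop)      # iptables -I FORWARD ...
    else:
        chain.append(netbios_drop)      # iptables -A FORWARD ...
    return chain


def demo() -> dict:
    # Constructed packets: one *to* UDP 137, one *from* UDP 137 to a random port.
    to_137 = Packet("udp", "192.168.1.10", 1025, 137)
    from_137 = Packet("udp", "192.168.1.10", 137, 5000)
    return {
        "appended_to_137": build_forward(False).verdict(to_137),   # ACCEPT: LAN rule matched first
        "inserted_to_137": build_forward(True).verdict(to_137),    # DROP: DROP rule is now first
        "inserted_from_137": build_forward(True).verdict(from_137),  # ACCEPT: --dport 137 does not match sport 137
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case mirrors the reply's last paragraph: a rule keyed on `--dport 137` says nothing about packets whose *source* port is 137, so if that is the traffic in question the rule is simply not matching it, regardless of where it sits in the chain.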