Arnau Bria wrote:
> I solved it adding next at top of rules:
> 
> -A INPUT -p tcp ! --syn -j ACCEPT
> -A INPUT -p udp -j ACCEPT

While the first line is mostly harmless (well, even that's not really
true, but let's keep it simple), the second line opens your firewall to
*all* incoming UDP packets, and therefore effectively disables your
firewall for UDP services.

I don't know if you have another line of defense before your iptables
firewall (e.g. a router/firewall). If you don't, you expose yourself to
serious trouble.

In general, my advice would be not to build your own iptables firewall
ruleset unless you have *very good* knowledge about IP protocols. Use
one of the firewall builder tools like shorewall [1] or firestarter [2].

-- Remy

[1] http://www.shorewall.net/
[2] http://www.fs-security.com/


Remove underscore and suffix in reply address for a timely response.

-- 
gentoo-user@gentoo.org mailing list
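To make the difference between the quoted rules and a stateful ruleset concrete, here is an added worked example; it is not code from either poster and the stateful rules in it are my suggestion, not something the thread recommends. It is a toy first-match evaluator for an INPUT chain: it models only the matches the two rulesets use (protocol, the SYN flag, conntrack state), applies iptables' first-match-wins semantics with a default DROP policy, and assigns each constructed packet the conntrack state a real kernel would report instead of tracking connections itself. Port numbers, the SSH service and the sample traffic are all assumptions for illustration.

```python
"""Toy first-match evaluator for iptables INPUT-chain rules.

Added example, not part of the list thread.  Models only protocol, the SYN
flag and conntrack state, with first-match-wins semantics and a default
DROP policy.  The conntrack state of each constructed packet is assigned by
hand (what the kernel's tracker would say), not computed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp" or "udp"
    dport: int
    syn_only: bool = False  # TCP: SYN set, ACK clear -- what "--syn" matches
    ctstate: str = "NEW"    # NEW, ESTABLISHED, RELATED or INVALID


# (rule text as it would appear in iptables, match predicate, target)
Rule = Tuple[str, Callable[[Packet], bool], str]


def evaluate(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, str]:
    """Walk the chain; the first matching rule decides, else the chain policy."""
    for text, match, target in rules:
        if match(pkt):
            return target, text
    return policy, "chain policy"


# Ruleset A: the two lines quoted in the thread, followed by an assumed
# SSH allow so the posted rules sit in front of a realistic service rule.
POSTED_RULES: List[Rule] = [
    ("-A INPUT -p tcp ! --syn -j ACCEPT",
     lambda p: p.proto == "tcp" and not p.syn_only, "ACCEPT"),
    ("-A INPUT -p udp -j ACCEPT",
     lambda p: p.proto == "udp", "ACCEPT"),
    ("-A INPUT -p tcp --dport 22 -j ACCEPT",
     lambda p: p.proto == "tcp" and p.dport == 22, "ACCEPT"),
]

# Ruleset B: the usual stateful replacement (my suggestion, not from the
# thread).  Let conntrack admit replies to our own traffic, drop packets
# that belong to no connection, then allow chosen services explicitly.
STATEFUL_RULES: List[Rule] = [
    ("-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
     lambda p: p.ctstate in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    ("-A INPUT -m conntrack --ctstate INVALID -j DROP",
     lambda p: p.ctstate == "INVALID", "DROP"),
    ("-A INPUT -p tcp --syn --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
     lambda p: p.proto == "tcp" and p.syn_only and p.dport == 22
     and p.ctstate == "NEW", "ACCEPT"),
]

# Constructed sample traffic (not captured data).
SAMPLES: Dict[str, Packet] = {
    "ssh SYN":              Packet("tcp", 22, syn_only=True),
    # ACK-only segment with no connection behind it (an nmap -sA style probe):
    # conntrack reports INVALID, but "! --syn" happily matches it.
    "ACK-only probe":       Packet("tcp", 8080, ctstate="INVALID"),
    # Unsolicited UDP datagram to a service port (e.g. an SNMP probe).
    "unsolicited UDP":      Packet("udp", 161),
    # Reply to a DNS query we sent: conntrack has seen the outgoing packet.
    "DNS reply":            Packet("udp", 53000, ctstate="ESTABLISHED"),
    "data on existing ssh": Packet("tcp", 22, ctstate="ESTABLISHED"),
}


def verdicts(rules: List[Rule]) -> Dict[str, str]:
    """Map each sample packet name to the target the chain gives it."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in SAMPLES.items()}


def compare() -> Dict[str, Tuple[str, str]]:
    """Per packet: (verdict under the posted rules, verdict under stateful rules)."""
    a, b = verdicts(POSTED_RULES), verdicts(STATEFUL_RULES)
    return {name: (a[name], b[name]) for name in SAMPLES}


if __name__ == "__main__":
    print(f"{'packet':22} {'posted rules':14} {'stateful rules':14}")
    for name, (posted, stateful) in compare().items():
        print(f"{name:22} {posted:14} {stateful:14}")
```

Running it shows what the reply is warning about: under the posted rules every UDP datagram is accepted whether or not anything on the host asked for it, and the "! --syn" line accepts any TCP segment that is not a bare SYN, including probes that belong to no connection at all. The stateful version accepts the same legitimate traffic (the SSH handshake, data on the established session, the DNS reply) while dropping the unsolicited UDP and the ACK-only probe. The model ignores everything else a real chain involves (interfaces, addresses, ICMP, fragments, rate limits), so treat it as an illustration of first-match semantics, not as a ruleset to paste into a machine.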
