On Fri, 18 Jan 2002 23:14:51 +0100 Michael Stauber <[EMAIL PROTECTED]> wrote:
> If you have webpages which allow you to upload files to the server, then you > might need to extend the rules to allow for UDP connections as well: > > $IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 80:81 -j ACCEPT > $IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 443:444 -j ACCEPT Michael, could you elaborate this? I don't know of any web specific service using UDP protocol. When you do Netscape-style file upload, or use "PUT" method to place documents on the server, in both cases data flows over standard TCP connection. To the best of my knowledge, the only UDP ports you need to open in a typical configuration are BIND and possibly NTP (53 and 123). If you use NFS or any RPC services, that's another story. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
