On Wednesday 20 February 2002 06:08 am, TD - Sales International Holland B.V.
wrote:
> Oh I forgot to mention, one more thing I'm worrying about. I believe it's
> not possible to track the state of UDP connections, and since I run a
> caching DNS there will be some UDP traffic and I'm afraid my current rule
> set might drop those packets. Does anyone know how to allow this traffic
> with a default DROP policy? (This also goes for the NAT, with ICQ n stuff
> which I believe uses UDP as well). I just hope I'm totally wrong on this
> one and that the --state RELATED,ESTABLISHED will pick these up.
>
> Kind regards,
>
> Ferry van Steen
>
> -------------------------------------------------------
Yeah, UDP is stateless, so you would really have to allow the specific UDP
ports you want through, or all of them, for whatever machines you want to use
services that use it.
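
Added example, not part of the original thread: a small Python model of how netfilter's connection tracking treats a UDP exchange such as a DNS lookup when INPUT defaults to DROP and the only accept rule is the `--state RELATED,ESTABLISHED` match from the question. The class and function names, the addresses and the 30-second timeout are assumptions of the model.

```python
# Model of a conntrack-style table giving UDP a timeout-based pseudo-state.
# Hypothetical names; UDP_TIMEOUT is an assumed value for this model.
from dataclasses import dataclass

UDP_TIMEOUT = 30.0  # seconds an idle UDP entry is kept


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reply_key(self):
        # The tuple a reply to this packet would carry.
        return (self.dst, self.dport, self.src, self.sport)


class Firewall:
    """OUTPUT policy ACCEPT, INPUT policy DROP, plus one rule:
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"""

    def __init__(self):
        self.expected = {}  # reply tuple -> expiry time

    def outbound(self, pkt, now):
        # An outgoing datagram creates (or refreshes) the tracking entry.
        self.expected[pkt.reply_key()] = now + UDP_TIMEOUT
        return "ACCEPT"

    def inbound(self, pkt, now):
        expiry = self.expected.get(pkt.key())
        if expiry is not None and now <= expiry:
            self.expected[pkt.key()] = now + UDP_TIMEOUT  # traffic refreshes it
            return "ACCEPT"  # matched as ESTABLISHED
        self.expected.pop(pkt.key(), None)  # forget an expired entry
        return "DROP"  # falls through to the default policy


def demo():
    fw = Firewall()
    # Constructed packets using documentation address ranges.
    query = Packet("192.0.2.10", 33000, "198.51.100.53", 53)
    reply = Packet("198.51.100.53", 53, "192.0.2.10", 33000)
    stray = Packet("203.0.113.7", 53, "192.0.2.10", 33001)
    out = [fw.inbound(reply, 0.0)]        # nothing was asked yet
    fw.outbound(query, 1.0)
    out += [fw.inbound(reply, 1.2), fw.inbound(stray, 1.3)]
    fw.outbound(query, 100.0)
    return out + [fw.inbound(reply, 140.0)]  # answer arrives after timeout
```

`demo()` returns one verdict per inbound packet, in order: the reply before any query, the reply to a query, an unsolicited datagram from another host, and a reply that arrives after the entry has expired.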