Iptables dport

Well, I've got good news: **if you are running GNU/Linux then it's not that difficult.**

Most admins and devs often tell me "Yeah I know, but it's difficult." and "I doubt our partners will be trained enough to do that". Please find all errors in the above text :-). No one ever does iptables because it's supposed to be impossible to manage and complicated, when it's not.

Let's look at these two iptables rules which are often used to allow outgoing DNS:

```sh
iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
```

This module, when combined with connection tracking, allows access to the connection tracking state for this packet.

My question is: How exactly should I understand the ESTABLISHED state in UDP? UDP is stateless.

Here is my intuition - I'd like to know if or where this is incorrect: So, iptables basically remembers the port number that was used for the outgoing packet (what else could it remember for a UDP packet?), and then allows the first incoming packet that is sent back within a short timeframe? An attacker would have to guess the port number (would that really be too hard?) The kernel keeps track of which ports are blocked (either by other services, or by previous outgoing UDP packets), so that these ports will not be used for new outgoing DNS packets within the timeframe? (What would happen if I accidentally tried to start a service on that port within the timeframe - would that attempt be denied/blocked?)