Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: Sat, 19 Jan 2002 14:13:59 +0300
- Organization: Average
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 18 Jan 2002 23:14:51 +0100
Michael Stauber <cobalt@xxxxxxxxxxxxxx> wrote:
> If you have webpages which allow you to upload files to the server, then you
> might need to extend the rules to allow for UDP connections as well:
>
> $IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 80:81 -j ACCEPT
> $IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 443:444 -j ACCEPT

Michael,

could you elaborate on this? I don't know of any web-specific service using
the UDP protocol. When you do a Netscape-style file upload, or use the "PUT" method
to place documents on the server, in both cases data flows over a standard
TCP connection.

To the best of my knowledge, the only UDP ports you need to open in a
typical configuration are BIND and possibly NTP (53 and 123). If you
use NFS or any RPC services, that's another story.

Eugene
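
The reply above can be turned into a rule-set check. The script below is an added example, not part of the original message or of any tool named in the thread: it reads ipchains commands in the "-d ADDRESS PORT[:PORT]" form used in the quoted rules and lists UDP ACCEPT rules whose destination is anything other than port 53 or 123. The function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): list UDP ACCEPT rules whose
# destination port is anything other than DNS (53) or NTP (123).
# Assumption: rules use the "-d ADDRESS PORT[:PORT]" form with numeric ports.

audit_udp_rules() {
    awk '
    {
        proto = ""; target = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = tolower($(i + 1))
            if ($i == "-j") target = $(i + 1)
            # The port spec follows the address unless the next token is an option.
            if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/) dport = $(i + 2)
        }
        if (proto != "udp" || target != "ACCEPT") next
        if (dport == "") { print "ALL-PORTS: " $0; next }
        n = split(dport, r, ":")
        lo = r[1]; hi = (n > 1) ? r[2] : r[1]
        if (lo == "") lo = 0          # ":1023" means 0 through 1023
        if (hi == "") hi = 65535      # "1023:" means 1023 through 65535
        if (lo == hi && (lo == 53 || lo == 123)) next
        print "UNEXPECTED: " $0
    }'
}

# Constructed sample rule set: the two quoted rules plus DNS, NTP and HTTP.
sample_rules() {
    cat <<'EOF'
$IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 80:81 -j ACCEPT
$IPCHAINS -A input -p udp -s $REMOTENET 1023: -d $LOCALNET 443:444 -j ACCEPT
$IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
$IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 123 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET 1023: -d $LOCALNET 80 -j ACCEPT
EOF
}

sample_rules | audit_udp_rules
```

Rules flagged as UNEXPECTED are candidates for removal unless a known UDP service (NFS or another RPC service, as the reply notes) accounts for them.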