  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    3

    IPTables - possible to block all traffic destined for ports that use UDP?


    i.e. not just block UDP packets, but any packets that go to any port that uses UDP? I realise I could get a list of the ports and simply block each of those ports individually, but I was wondering if there's a quicker/more elegant way?

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,440
    Code:
    iptables -A INPUT -p udp -j DROP
    That will drop any udp packets that reach (INPUT) your machine.
    So it does what you ask.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Apr 2010
    Posts
    3
    Quote Originally Posted by Irithori View Post
    Code:
    iptables -A INPUT -p udp -j DROP
    That will drop any udp packets that reach (INPUT) your machine.
    So it does what you ask.
    I'm new at this, so correct me if I'm wrong, but my understanding is that the above will drop all UDP packets coming into my machine. What I need to do is drop all packets, of any protocol, that are addressed to any port that USES UDP. For example, port 22 (SSH) uses UDP packets, so I need to block ALL packets with --dport 22, even TCP packets. Similarly for all ports that accept UDP.

  4. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,440
    No, ssh uses tcp only.

    tcp and udp are on the same layer, the transport layer to be precise.
    Difference between them: udp is stateless, tcp stateful

    Have a look here
    TCP/IP model - Wikipedia, the free encyclopedia

    Also, iptables works like a filter.
    The more arguments you give, the finer it acts


    This will drop *ALL* incoming udp traffic
    Code:
    iptables -A INPUT -p udp -j DROP

    This will drop all udp traffic coming from 192.168.1.1
    Code:
    iptables -A INPUT -p udp -s 192.168.1.1 -j DROP

    This will drop all udp traffic coming from 192.168.1.1 to port 123 of *your* machine. (--dport = destination port)
    udp 123 happens to be the ntp protocol's default port, so in plain text this rule would forbid connections from 192.168.1.1 to the ntp server of your machine.
    Code:
    iptables -A INPUT -p udp -s 192.168.1.1 --dport 123 -j DROP

    You are new to this, so beware of locking yourself out.
    Happens to anyone playing with firewalls

    I would suggest, first read about the TCP/IP Model
    and with that knowledge read about iptables here
    netfilter/iptables project homepage - Documentation about the netfilter/iptables project
    Last edited by Irithori; 04-29-2010 at 09:14 AM.
    You must always face the curtain with a bow.
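A worked version of the last answer's advice, added here as an example and not code from the thread: a POSIX shell script that generates an iptables-restore ruleset ending in Irithori's UDP drop, placed after accept rules that keep SSH (tcp/22, since SSH does not use UDP) reachable from an assumed admin host 192.0.2.10 so you do not lock yourself out. Nothing is applied; the ruleset is only written out so it can be reviewed with iptables-restore --test before loading it.

```shell
#!/bin/sh
# Added example, not from the forum thread. Generates (does not apply)
# an iptables-restore ruleset that drops all incoming UDP but first
# allows what an admin relies on. ADMIN_HOST and SSH_PORT are assumed
# values; change them to match your own setup.
ADMIN_HOST="${ADMIN_HOST:-192.0.2.10}"   # assumed management host
SSH_PORT="${SSH_PORT:-22}"                # assumed SSH port (tcp only)

# Print the ruleset in iptables-restore format. Rules are checked top
# to bottom, so the ACCEPT rules must come before the final UDP DROP.
build_ruleset() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH is TCP only: a udp/$SSH_PORT rule would neither protect nor expose it
-A INPUT -p tcp -s $ADMIN_HOST --dport $SSH_PORT -j ACCEPT
# the catch-all from the thread: every remaining incoming UDP datagram
-A INPUT -p udp -j DROP
COMMIT
EOF
}

# Return 0 only if an SSH ACCEPT rule precedes the UDP DROP rule,
# i.e. the ruleset cannot cut off the admin's own session.
ruleset_is_safe() {
    build_ruleset | awk -v p="$SSH_PORT" '
        /-p tcp / && index($0, "--dport " p " ") && /-j ACCEPT/ { ssh_ok = NR }
        /-p udp -j DROP/ { drop = NR }
        END { exit !(ssh_ok && drop && ssh_ok < drop) }'
}

# Usage, as root, once the output has been reviewed:
#   ./udp-drop.sh --print > /tmp/udp-drop.rules
#   iptables-restore --test /tmp/udp-drop.rules && iptables-restore /tmp/udp-drop.rules
if [ "${1:-}" = "--print" ]; then
    ruleset_is_safe || { echo "refusing: SSH allow must precede UDP drop" >&2; exit 1; }
    build_ruleset
fi
```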
