On Tue, 29 Apr 2003 13:55:12 -0000, William Trenker <wdtrenker@yahoo.ca> wrote:
> (I've got this working but I just want to be sure I'm doing it the
> design-intended way.)
>
> I have an application on my local computer that broadcasts to a name
> server that is running on my shorewall-protected gateway computer. The
> protocol for this exchange is that the local (client) computer broadcasts
> on UDP port 9091 looking for a name server. The name server sends back a
> UDP response packet with 9091 as the source port (the destination port is
> arbitrary, apparently the next available in the tcp/ip stack's pool).
> Since UDP is connectionless I'm handling this exchange in my rules file
> with these 2 entries:
> ACCEPT loc fw udp 9091
> ACCEPT fw loc udp - 9091
>
> I'm assuming that the 2nd rule will only allow UDP from loc to fw if the
> source port is 9091. Is this the correct way to handle this or is there
> another way to define stateful UDP 'connections'?
What you are doing is the only way to handle a UDP "connection" that begins
with a broadcast to a fixed port.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
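A small model of how the two rules from the thread are matched, added here as an example (it is not Shorewall's own code; the zone names, packet fields and the matcher itself are assumptions). It shows the broadcast and the reply being accepted, a reply from a different source port being dropped, and the caveat that the second rule, having "-" as its destination port, admits fw-to-loc UDP to any local port as long as the source port is 9091.

```python
# Hypothetical first-match rule evaluator modelled on Shorewall's
# "ACTION SOURCE DEST PROTO DPORT SPORT" rules-file columns.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_zone: str   # zone the packet comes from, e.g. "loc" or "fw"
    dst_zone: str   # zone the packet is headed to
    proto: str
    dport: int      # destination port
    sport: int      # source port


@dataclass(frozen=True)
class Rule:
    action: str
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]   # None stands for "-" (any port)
    sport: Optional[int]   # None stands for "-" (any port)

    def matches(self, p: Packet) -> bool:
        return (self.src_zone == p.src_zone and self.dst_zone == p.dst_zone
                and self.proto == p.proto
                and (self.dport is None or self.dport == p.dport)
                and (self.sport is None or self.sport == p.sport))


def parse_rule(line: str) -> Rule:
    """Parse one rules-file line; missing trailing columns mean 'any'."""
    fields = line.split()
    action, src, dst, proto = fields[:4]
    dport = fields[4] if len(fields) > 4 else "-"
    sport = fields[5] if len(fields) > 5 else "-"
    to_port = lambda f: None if f == "-" else int(f)
    return Rule(action, src, dst, proto, to_port(dport), to_port(sport))


# The two entries from the post, parsed into rules.
RULES: List[Rule] = [parse_rule("ACCEPT loc fw udp 9091"),
                     parse_rule("ACCEPT fw loc udp - 9091")]


def policy(rules: List[Rule], p: Packet, default: str = "DROP") -> str:
    """First matching rule wins; otherwise the zone policy (assumed DROP)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default
```

The constructed packets in the checks use an arbitrary client port (40123) to stand in for the ephemeral port the questioner describes.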