hello list
hello girl and boy
how to control traffic udp
I seem to open udp ports
how to control traffic udp
[root@r13151 ~]# cat /etc/shorewall/rules
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
############################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
# Accept DNS connections from the firewall to the Internet
#
DNS/ACCEPT:info $FW net - - - - 15/sec:5 - -
# Accept SSH connections from the network to the firewall
#
SSH/ACCEPT:info net $FW - - - - 15/sec - -
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping/ACCEPT:info net $FW - - - - 1 - - - -
ACCEPT:info net $FW tcp http - - 1 - - - -
ACCEPT:info net:proxy.ovh.net,proxy.p19.ovh.net,proxy.rbx.ovh.net,ping.ovh.net,cache.ovh.net,94.23.60.214 $FW icmp - - -1 - - - -
ACCEPT:info net $FW tcp 80 - - 15/sec
ACCEPT:info $FW net tcp 80 - - 15/sec
ACCEPT:info net $FW tcp 21 - - 15/sec
ACCEPT:info $FW net tcp 21 - - 15/sec
ACCEPT:info net $FW tcp 22 - - 15/sec
ACCEPT:info $FW net tcp 22 - - 15/sec
ACCEPT:info net $FW tcp 25 - - 15/sec
ACCEPT:info $FW net tcp 25 - - 15/sec
ACCEPT:info net $FW tcp 10000 - - 15/sec
ACCEPT:info $FW net tcp 10000 - - 15/sec
ACCEPT:info net $FW tcp 110 - - 15/sec
ACCEPT:info $FW net tcp 110 - - 15/sec
ACCEPT:info net $FW tcp 143 - - 15/sec
ACCEPT:info $FW net tcp 143 - - 15/sec
ACCEPT:info net $FW tcp 587 - - 15/sec
ACCEPT:info $FW net tcp 587 - - 15/sec
ACCEPT:info net $FW tcp 953 - - 15/sec
ACCEPT:info $FW net tcp 953 - - 15/sec
ACCEPT:info net $FW tcp 995 - - 15/sec
ACCEPT:info $FW net tcp 995 - - 15/sec
ACCEPT:info $FW net tcp 995 - - 15/sec
ACCEPT:info net $FW tcp 10024 - - 15/sec
ACCEPT:info $FW net tcp 10024 - - 15/sec
ACCEPT:info net $FW tcp 10025 - - 15/sec
ACCEPT:info $FW net tcp 10025 - - 15/sec
ACCEPT:info net $FW tcp 10026 - - 15/sec
ACCEPT:info $FW net tcp 10026 - - 15/sec
ACCEPT:info net $FW tcp 10027 - - 15/sec
ACCEPT:info $FW net tcp 10027 - - 15/sec
ACCEPT:info net $FW tcp 10028 - - 15/sec
ACCEPT:info $FW net tcp 10028 - - 15/sec
ACCEPT:info $FW net tcp 10029 - - 15/sec
ACCEPT:info net $FW tcp 10029 - - 15/sec
ACCEPT:info net $FW tcp 10030 - - 15/sec
ACCEPT:info $FW net tcp 10030 - - 15/sec
ACCEPT:info net $FW tcp 10031 - - 15/sec
ACCEPT:info $FW net tcp 10031 - - 15/sec
ACCEPT:info $FW net tcp 10040 - - 15/sec
ACCEPT:info net $FW tcp 10040 - - 15/sec
ACCEPT:info $FW net tcp 993 - - 15/sec
ACCEPT:info net $FW tcp 993 - - 15/sec
ACCEPT:info $FW net udp 53 - - 15/sec
ACCEPT:info net $FW udp 53 - - 15/sec
ACCEPT:info $FW net udp 953 - - 15/sec
ACCEPT:info net $FW udp 953 - - 15/sec
ACCEPT:info net $FW tcp 53 - - 15/sec
ACCEPT:info $FW net tcp 53 - - 15/sec
ACCEPT:info net $FW tcp 953 - - 15/sec
ACCEPT:info $FW net tcp 953 - - 15/sec
ACCEPT:info net $FW udp 123 - - 15/sec
ACCEPT:info $FW net udp 123 - - 15/sec
ACCEPT:info $FW net tcp 2000 - - 15/sec
ACCEPT:info net $FW tcp 2000 - - 15/sec
ACCEPT:info $FW net tcp 2222 - - 15/sec
ACCEPT:info net $FW tcp 2222 - - 15/sec
# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT:info $FW net icmp - - - 15/sec
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
------------------------------------------------------------------------------
On Sun, May 02, 2010 at 02:44:27AM +0200, fakessh wrote:
> hello list
> hello girl and boy
>
> how to control traffic udp
> I seem to open udp ports
> how to control traffic udp

This doesn't make sense. First, what do you mean by "control"? Second, how are you determining that all UDP ports are open? Third, the information that we would need is the output of 'shorewall dump'.

For more information: http://www.shorewall.net/support.htm

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
------------------------------------------------------------------------------
On 5/1/2010 5:44 PM, fakessh wrote:
> hello list
> hello girl and boy
>
> how to control traffic udp
> I seem to open udp ports
>

See Shorewall FAQ 4a (http://www.shorewall.net/FAQ.htm#faq4a)

-Tom
------------------------------------------------------------------------------
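
Added example, not part of the original thread and not Shorewall's own code: one way to check which UDP ports a rules file like the one posted actually accepts is to parse the file itself. The Python below assumes the column order from the file's header (ACTION SOURCE DEST PROTO DEST PORT); the function names are hypothetical and the sample is an excerpt of the posted rules with wrapped lines joined.

```python
# Excerpt of the rules posted in this thread, wrapped lines joined (constructed sample).
SAMPLE_RULES = """\
SECTION NEW
# Accept DNS connections from the firewall to the Internet
DNS/ACCEPT:info $FW net - - - - 15/sec:5 - -
ACCEPT:info net $FW tcp 80 - - 15/sec
ACCEPT:info $FW net udp 53 - - 15/sec
ACCEPT:info net $FW udp 53 - - 15/sec
ACCEPT:info net $FW udp 953 - - 15/sec
ACCEPT:info net $FW udp 123 - - 15/sec
ACCEPT:info $FW net udp 123 - - 15/sec
"""


def parse_rules(text):
    """Yield (action, macro, source, dest, proto, dport) for each rule line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith(("SECTION", "?SECTION")):
            continue
        cols = line.split()
        cols += ["-"] * (5 - len(cols))             # omitted columns mean "-"
        target = cols[0].split(":", 1)[0]           # strip the ":info" log level
        macro, _, action = target.rpartition("/")   # "DNS/ACCEPT" -> DNS, ACCEPT
        yield action, macro or None, cols[1], cols[2], cols[3].lower(), cols[4]


def udp_exposure(text):
    """Return (explicit UDP ACCEPT rules, macro rules that need manual review)."""
    explicit, macros = [], []
    for action, macro, src, dst, proto, dport in parse_rules(text):
        if action != "ACCEPT":
            continue
        if proto == "udp":
            explicit.append((src, dst, dport))
        elif macro and proto == "-":
            # A macro sets the protocol itself, so a search for "udp" misses it.
            macros.append((macro, src, dst))
    return explicit, macros


def inbound_udp_ports(text, fw="$FW"):
    """UDP ports accepted with the firewall zone as destination, numeric first."""
    explicit, _ = udp_exposure(text)
    ports = {port for _, dst, port in explicit if dst == fw}
    return sorted(ports, key=lambda p: (0, int(p), "") if p.isdigit() else (1, 0, p))


if __name__ == "__main__":
    print("inbound UDP ports:", inbound_udp_ports(SAMPLE_RULES))
    print("macros to review:", udp_exposure(SAMPLE_RULES)[1])
```

Policies and other configuration files also affect what is accepted, so this covers only the rules file; the 'shorewall dump' output requested above shows the ruleset as actually loaded.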