Etaoin Shrdlu wrote:
> On Tuesday 24 February 2009, 18:21, Florian Philipp wrote:
>> Nikos Chantziaras wrote:
>>> Grant wrote:
>>>> How can I find out whether I should be specifying TCP, UDP, or both
>>>> for iptables (shorewall) config?
>>> By knowing the application's protocol for which you write the rules
>>> for :P [...] So you have to research a bit to see if the
>>> application uses TCP or UDP.
>> You can also have a look at /etc/services which lists the more
>> common protocols and their ports.
>
> Or even sniff the traffic and see which protocols are used.
>

You're going to miss stuff that way. Take for example a DNS server.
Normally requests are UDP over port 53. However, once your request
exceeds 512 bytes TCP is used on port 53. That rarely happens and in
fact many ISPs don't seem to be aware that this can happen.
Chances are you're going to find almost everything you need at
http://www.shorewall.net/Documentation_Index.html which is going to be far
better than trying to cobble everything together yourself.

kashani |
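
The /etc/services lookup suggested in the thread, as an added example that is not part of the original messages: it lists every protocol registered for a service, so a port such as DNS on 53 gets a rule for both TCP and UDP rather than only the one seen in a short capture. The function names, the constructed sample data and the simplified INPUT/ACCEPT rule form are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/services format; pass a real file as the
# second argument to query the system's own list instead.
sample_services() {
cat <<'EOF'
# name    port/proto   aliases
ssh       22/tcp
domain    53/tcp                  # DNS
domain    53/udp                  # DNS
http      80/tcp       www
ntp       123/udp
EOF
}

# entries_for KEY [FILE]: print "proto port" for every entry whose name,
# alias or port number equals KEY, one per line, sorted and de-duplicated.
entries_for() {
    if [ -n "${2:-}" ]; then cat "$2"; else sample_services; fi |
    awk -v key="$1" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # skip blank or malformed lines
        {
            split($2, pp, "/")             # pp[1] = port, pp[2] = protocol
            hit = ($1 == key || pp[1] == key)
            for (i = 3; i <= NF && !hit; i++) if ($i == key) hit = 1
            if (hit) print pp[2], pp[1]
        }' | sort -u
}

# protos_for KEY [FILE]: the protocols only, space separated ("tcp udp").
protos_for() {
    entries_for "$@" | cut -d' ' -f1 | sort -u | paste -s -d' ' -
}

# rules_for KEY [FILE]: print (not run) one iptables rule per protocol.
# The INPUT chain and ACCEPT target are an assumed, simplified rule form.
rules_for() {
    entries_for "$@" | while read -r proto port; do
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# Stand-alone run: show the rules a DNS server would need.
rules_for domain
```

Run `rules_for domain /etc/services` to check against the local services file; an application that is not listed there still has to be looked up in its own documentation.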