Re: bind() udp behavior 2.6.8.1

From: Wichert Akkerman
Date: Tue Dec 14 2004 - 20:02:11 EST


Previously Adam Denenberg wrote:
> I am aware that UDP is connectionless. However, in terms of a firewall
> this is different. It _must_ keep a state table of some sort, otherwise
> high port outbound connections destined for a DNS server will never be
> let back in b/c the firewall will just say "Why is this DNS server
> making a UDP connection to port 32768 on this client?". Keeping a state
> table allows this behavior thru the firewall as it should.

Just allow outgoing UDP traffic from source port 53 from your DNS
server and you're done.

Wichert.

--
Wichert Akkerman <wichert@xxxxxxxxx>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
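
As an added example (not part of the original message and not kernel or firewall code), this Python sketch compares the two filtering approaches discussed in this thread on constructed packets: a state table keyed on the UDP 4-tuple, and a static rule that admits UDP from the DNS server's source port 53. The addresses, the 30-second timeout and all names are assumptions made for illustration.

```python
from collections import namedtuple

# All addresses are constructed (RFC 5737 documentation ranges).
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
CLIENT, DNS_SERVER = "192.0.2.10", "198.51.100.53"

def static_rule_allows(pkt):
    """Static rule: admit any UDP packet from the DNS server's port 53."""
    return pkt.src_ip == DNS_SERVER and pkt.src_port == 53

class UdpStateTable:
    """Tracks outbound UDP flows by 4-tuple; admits only matching replies."""
    def __init__(self, timeout=30):          # timeout in seconds (assumed value)
        self.timeout = timeout
        self.flows = {}                      # 4-tuple -> expiry time

    def outbound(self, pkt, now):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.flows[key] = now + self.timeout

    def inbound_allows(self, pkt, now):
        # A reply mirrors the original 4-tuple: source and destination swap.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        expiry = self.flows.get(key)
        if expiry is None or now > expiry:
            self.flows.pop(key, None)        # drop expired entry, if any
            return False
        return True

def compare():
    """Return {case: (static_verdict, stateful_verdict)} for sample traffic."""
    table = UdpStateTable()
    table.outbound(Packet(CLIENT, 32768, DNS_SERVER, 53), now=0)
    cases = {
        "reply to query": (Packet(DNS_SERVER, 53, CLIENT, 32768), 1),
        "unsolicited to other port": (Packet(DNS_SERVER, 53, CLIENT, 2049), 1),
        "reply after timeout": (Packet(DNS_SERVER, 53, CLIENT, 32768), 60),
        "other host, port 53": (Packet("203.0.113.7", 53, CLIENT, 32768), 1),
    }
    return {name: (static_rule_allows(p), table.inbound_allows(p, t))
            for name, (p, t) in cases.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:28} static={verdicts[0]!s:5} stateful={verdicts[1]!s:5}")
```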