Hi Peter,
I'm no expert, but as far as I know UDP is stateless .... so inspection
of flags like NEW would be meaningless.
Let's see what others say.
Peter Horst wrote:
Sorry, kind of a dumb question. I'm trying to open a port to allow
DNS traffic (port 53, UDP and TCP). I tried a quick nmap from outside
my network, and though the tcp port shows up open, there's no reading
from the udp port. How can I tell if I've opened the port correctly?
Here's what I think is the relevant output from 'service iptables
status' - does this look right? Thanks much...
Chain RH-Firewall-1-INPUT (2 references)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0    icmp type 255
3    ACCEPT  esp  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  ah   --  0.0.0.0/0  0.0.0.0/0
5    ACCEPT  udp  --  0.0.0.0/0  224.0.0.251  udp dpt:5353
6    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    udp dpt:53
7    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    tcp dpt:53
8    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    udp dpt:631
9    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    tcp dpt:631
10   ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
11   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
12   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:25
13   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:80
14   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:443
15   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:53
16   ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0    state NEW udp dpt:53
17   REJECT  all  --  0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited
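An nmap UDP scan can only report a port as open when something answers, so the direct way to verify rule 6 above (ACCEPT udp dpt:53) is to send a real DNS query to UDP/53 and classify what comes back: a DNS response, an ICMP error (the REJECT rule sends icmp-host-prohibited), or silence. This is an added example, not code from either poster; it assumes the target host is passed on the command line and that a resolver is actually listening on port 53.

```python
"""Probe UDP/53 with a minimal DNS A query (added example, not from the thread)."""
import errno
import socket
import struct
import sys


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a DNS query for an A record: 12-byte header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def classify_reply(query: bytes, reply: bytes) -> str:
    """Check that the datagram is a DNS response matching our transaction id."""
    if len(reply) < 12:
        return "garbage reply"
    txid, flags, _qd, an = struct.unpack("!HHHH", reply[:8])
    if txid != struct.unpack("!H", query[:2])[0]:
        return "reply with wrong transaction id"
    if not flags & 0x8000:
        return "not a response (QR bit clear)"
    return f"open: DNS response, rcode={flags & 0x000F}, answers={an}"


def probe(host: str, port: int = 53, name: str = "example.com.", timeout: float = 2.0) -> str:
    """Send one query; a connected UDP socket is needed so ICMP errors surface as errno."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        sock.send(query)
        try:
            reply = sock.recv(512)
        except ConnectionRefusedError:
            return "closed: ICMP port unreachable (packet passed the firewall, no listener)"
        except OSError as exc:  # EHOSTUNREACH is what Linux reports for icmp-host-prohibited
            if exc.errno == errno.EHOSTUNREACH:
                return "rejected: ICMP host prohibited (hit the REJECT rule)"
            return f"error: {exc}"
        except socket.timeout:
            return "no answer: DROPped, filtered upstream, or resolver silent"
    return classify_reply(query, reply)


if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it from outside the network against the firewall's address; "open: DNS response" confirms both the rule and the resolver, while "rejected" means the packet never reached rule 6.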