let's look at these two iptables rules which are often used to allow outgoing DNS: iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A
First give a -p option like -p tcp or -p udp. Examples: iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT You could also try -p all but I've never done that and don't find too much support for it in the examples.
This can't be fixed with a stateless firewall without voiding the security the firewall is supposed to provide. One can't just add: udp sport 53 accept + tcp sport { 53, 443 } accept to allow DNS replies and HTTPS replies to work, because then any remote attack can use such source ports to access any ports and thus services on the VPS system.
MSN: The affordable sports car that holds its value better than any Corvette
In an era where new cars often lose significant value the moment they’re driven off the lot, sports cars are especially notorious for steep depreciation. Exotic marques like Ferrari and Porsche hold ...
The affordable sports car that holds its value better than any Corvette
Wichita's largest indoor sports and adventure facility. Trampolines, basketball, volleyball, parties and events all under one roof.
with "u32 match ip sport 80" in Linux tc I can match port 80, but how can I match a port range 10000 - 20000 ?