Re: Linux Firewall



Mark Tschudin <mark@xxxxxxxxxxxxxx> writes in comp.os.linux.security:
I run a stand-alone Linux workstation connected to broadband via a
nat-enabled router.

Does the following firewall script make sense to you guys (it seems to
work)? Any suggestions and comments would be much appreciated.
[CUT]

for port in ${UDP_OUT}; do
    $NEW OUTPUT -p udp --dport ${port} -m state --state NEW,ESTABLISHED -j ACCEPT
done

UDP is a stateless protocol, so the state switch is extra here; to be precise, UDP has
no state...
And one more thing... from my point of view it's pointless to filter outgoing
traffic...


--
____ __ ___| | ___ Ignorance is .~. hrvoje.spoljar@><.pbf.hr
(_-< '_ \/ _ \ |_/ -_) bliss, but / V \ irc # RoCkY
/__/ .__/\___/__/\___| knowledge is /( )\ icq : 53000945
|_| power! ^-^ http://spole.pbf.hr
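
The quoted loop as a dry-run, added here as an example (not code from either poster): it prints the rules instead of applying them, skips malformed port entries, and adds the inbound rule that admits replies, which the `state` match can do for UDP because netfilter's connection tracking keeps a timeout-based entry per UDP flow. It assumes `$NEW` in the quoted script expands to `iptables -A`; the port list is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Nothing is executed against the
# firewall: the iptables commands are only printed so they can be reviewed.
# Assumption: $NEW in the quoted script stands for "iptables -A".
NEW="iptables -A"

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# udp_out_rules "PORTS" -> prints one OUTPUT rule per valid port, then a
# single INPUT rule that accepts only packets belonging to a UDP flow that
# conntrack has already seen leave this host.
udp_out_rules() {
    for port in $1; do
        if ! valid_port "$port"; then
            echo "skipping invalid port: $port" >&2
            continue
        fi
        echo "$NEW OUTPUT -p udp --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    echo "$NEW INPUT -p udp -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample list: DNS, NTP, and one typo to show the validation.
UDP_OUT="53 123 8o"
udp_out_rules "$UDP_OUT"
```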