UDP blocking.
I am trying to block all incoming traffic to ports 517,518 (udp) to anywhere except localhost. I am also trying to block port 68 (udp) from everywhere. The rules I am using are as follows:
#Filter talk
/sbin/ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 517
/sbin/ipchains -A input -p udp -j ACCEPT -s 127.0.0.1 -i eth0 -d 127.0.0.1 517
#Filter ntalk
/sbin/ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 518
/sbin/ipchains -A input -p udp -j ACCEPT -s 127.0.0.1 -i eth0 -d 127.0.0.1 518
#Filter bootp
/sbin/ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 68
I have been successful at using the above methods to block certain tcp ports like MySQL. If I check the ipchains (ipchains -L) the above posted rules show up correctly: a rule to block 517, 518, 68 and two rules to allow both 517 and 518 to localhost only. A udp portscan, however, shows that those three ports are available.
Any ideas?
-matt
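The following is an added example, not part of matt's post and not ipchains itself: a small Python model of how an ipchains input chain decides a UDP packet's fate (rules are walked top to bottom and the first match wins; an unmatched packet gets the chain policy, ACCEPT unless changed with -P) and how a UDP port scanner then interprets what comes back. A UDP probe only gets a definite answer when an ICMP port-unreachable is returned; a DENY target drops the packet silently, so a scanner reports the port as open (open|filtered in newer scanners), while REJECT sends the ICMP error and the port shows as closed. The five rules below are transcribed from the post; the 192.0.2.x addresses, the `lo` loopback packet and the REJECT variant are constructed sample values.

```python
"""Added example: first-match evaluation of an ipchains-style input chain and
the verdict a UDP scanner draws from the host's reaction.  Illustrative model,
not the original post's code and not ipchains; addresses are made up."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    iface: str   # interface the packet arrived on (what ipchains -i matches)
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT, DENY (silent drop) or REJECT (ICMP back)
    dport: Optional[int] = None   # the port part of ipchains "-d addr port"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    iface: Optional[str] = None   # None means "-i" was not given
    proto: str = "udp"

    def matches(self, pkt: Packet) -> bool:
        if self.proto != pkt.proto:
            return False
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.src, strict=False)
                and ip_address(pkt.dst) in ip_network(self.dst, strict=False))


def evaluate_chain(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """ipchains semantics: walk the chain in order, the first matching rule
    decides; if nothing matches, the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


def scanner_view(target: str, listening: bool = True) -> str:
    """Label a UDP scanner assigns given what the host did with the probe.
    Only an ICMP port-unreachable is a definite answer; silence is ambiguous."""
    if target == "REJECT":
        return "closed"          # firewall answered with ICMP port unreachable
    if target == "DENY":
        return "open|filtered"   # dropped silently, scanner cannot tell
    if listening:                # ACCEPT: packet reaches the socket
        return "open|filtered"   # most UDP daemons ignore an empty probe
    return "closed"              # nothing bound: the kernel sends ICMP


# The five rules from the post, in the order they were appended (-A).
POSTED_RULES = [
    Rule("DENY", dport=517, iface="eth0"),
    Rule("ACCEPT", dport=517, src="127.0.0.1", dst="127.0.0.1", iface="eth0"),
    Rule("DENY", dport=518, iface="eth0"),
    Rule("ACCEPT", dport=518, src="127.0.0.1", dst="127.0.0.1", iface="eth0"),
    Rule("DENY", dport=68, iface="eth0"),
]

# Assumed alternative (not from the post): same rules with DENY -> REJECT.
REJECT_RULES = [replace(r, target="REJECT") if r.target == "DENY" else r
                for r in POSTED_RULES]

# Constructed sample packets: a scanner probe arriving on eth0, and a local
# talk request, which arrives on lo and therefore never matches "-i eth0".
REMOTE_PROBE = Packet("udp", "192.0.2.10", "192.0.2.1", "eth0", 517)
LOOPBACK_TALK = Packet("udp", "127.0.0.1", "127.0.0.1", "lo", 517)


def probe_result(rules: List[Rule], pkt: Packet) -> str:
    """Scanner label for a probe packet under a given rule set."""
    return scanner_view(evaluate_chain(rules, pkt))


if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("reject", REJECT_RULES)):
        print(name, "remote 517 ->", evaluate_chain(rules, REMOTE_PROBE),
              "/ scanner sees", probe_result(rules, REMOTE_PROBE))
        print(name, "loopback 517 ->", evaluate_chain(rules, LOOPBACK_TALK))
    # Order matters: without "-i", a DENY placed first shadows the ACCEPT.
    shadowed = [Rule("DENY", dport=517),
                Rule("ACCEPT", dport=517, src="127.0.0.1", dst="127.0.0.1")]
    print("shadowed loopback ->", evaluate_chain(shadowed, LOOPBACK_TALK))
    print("reordered loopback ->", evaluate_chain(shadowed[::-1], LOOPBACK_TALK))
```

Run stand-alone it prints that the posted rules do DENY a probe to 517 on eth0, yet a scanner still labels the port open|filtered, whereas the REJECT variant yields closed; the loopback packet passes by chain policy in both cases because every rule is bound to eth0. The last two lines show the first-match pitfall that the interface qualifier happens to avoid here: with no -i, the DENY added first would shadow the localhost ACCEPT, and the ACCEPT must precede it.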