September 2005
Intermediate to advanced
552 pages
13h 30m
English
UDP is connectionless and carries no handshake, so a packet filter has no built-in way to tell a genuine reply from an unsolicited or source-spoofed datagram; in that sense it is inherently harder to secure than connection-oriented TCP. Because of this, many security-conscious sites disable all access to UDP services outright, or limit it as tightly as possible. UDP-based DNS exchanges are obviously necessary, but the remote name servers can be specified explicitly in the firewall rules rather than accepting UDP from anywhere. For that reason, this section provides rules for only three services:
traceroute
Dynamic Host Configuration Protocol (DHCP)
Network Time Protocol (NTP)
On Unix and Linux systems, traceroute is by default a UDP-based tool: it sends UDP probes with an incrementing IP TTL, so that each intermediate router in turn generates an ICMP Time Exceeded message (which is how the hop count and each hop's address are gathered), and the probe that finally reaches the target system causes it to return ...
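The policy sketched above (UDP denied by default, DNS allowed only to explicitly named servers, and the UDP probes and ICMP replies that traceroute needs) can be expressed as iptables rules. The following shell script is an added example, not code from the book; it uses a dry-run wrapper so the rules are printed instead of applied unless `IPT=iptables` is set, and the interface name, name-server and NTP-server addresses, and the traceroute port range are assumed values for illustration (the addresses are RFC 5737 documentation addresses). Rules for DHCP and NTP, the other two services listed above, are included on the same pattern, with a note on why DHCP cannot rely on connection tracking.

```shell
#!/bin/sh
# Added example: a default-deny UDP policy for a single host, expressed as
# iptables rules. Dry-run by default (rules are echoed); set IPT=iptables
# to apply them for real. All addresses and names below are assumptions.
IPT="${IPT:-echo iptables}"                 # dry-run wrapper (assumption)
EXT_IF="${EXT_IF:-eth0}"                    # external interface (assumption)
NAMESERVERS="${NAMESERVERS:-192.0.2.53 198.51.100.53}"   # assumed resolvers
NTPSERVERS="${NTPSERVERS:-203.0.113.123}"   # assumed NTP server
TRACEROUTE_PORTS="33434:33523"              # default Unix traceroute probe range

udp_rules() {
    # Replies to UDP requests we initiated: let connection tracking match them
    # so we never have to open "any UDP from port 53" inbound.
    $IPT -A INPUT  -i "$EXT_IF" -p udp  -m state --state ESTABLISHED -j ACCEPT
    # ICMP errors that reference a tracked flow (Time Exceeded and Destination
    # Unreachable for traceroute probes) are classified RELATED by conntrack.
    $IPT -A INPUT  -i "$EXT_IF" -p icmp --icmp-type time-exceeded \
         -m state --state RELATED -j ACCEPT
    $IPT -A INPUT  -i "$EXT_IF" -p icmp --icmp-type destination-unreachable \
         -m state --state RELATED -j ACCEPT

    # DNS: only to the explicitly listed remote name servers.
    for ns in $NAMESERVERS; do
        $IPT -A OUTPUT -o "$EXT_IF" -p udp -d "$ns" --dport 53 \
             -m state --state NEW -j ACCEPT
    done

    # NTP: only to the explicitly listed time server.
    for ts in $NTPSERVERS; do
        $IPT -A OUTPUT -o "$EXT_IF" -p udp -d "$ts" --dport 123 \
             -m state --state NEW -j ACCEPT
    done

    # traceroute: outbound UDP probes to the high port range; the ICMP
    # replies are covered by the RELATED rules above.
    $IPT -A OUTPUT -o "$EXT_IF" -p udp --dport "$TRACEROUTE_PORTS" \
         -m state --state NEW -j ACCEPT

    # DHCP client: DISCOVER goes from 0.0.0.0:68 to 255.255.255.255:67 and the
    # OFFER may come back to the broadcast address, so conntrack cannot pair
    # the reply with the request. An explicit port-based pair is required.
    $IPT -A OUTPUT -o "$EXT_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    $IPT -A INPUT  -i "$EXT_IF" -p udp --sport 67 --dport 68 -j ACCEPT

    # Everything else UDP, in either direction, is dropped.
    $IPT -A INPUT  -i "$EXT_IF" -p udp -j DROP
    $IPT -A OUTPUT -o "$EXT_IF" -p udp -j DROP
}

# Count the DNS rules the policy emits; handy for checking the server list.
dns_rule_count() {
    udp_rules | grep -c -- '--dport 53 '
}

udp_rules
```

Because inbound UDP is accepted only in the ESTABLISHED state, a datagram from port 53 or 123 that was not solicited by one of our own requests is dropped, which is exactly the distinction a stateless filter cannot make. The DHCP pair is the one place the script has to fall back to plain port matching; keep it on the interface that actually runs a DHCP client and drop it on hosts with static addresses.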