
Re: [suse-security] UDP wide open?!?!?



* Anders Johansson; <andjoh@xxxxxxxxxx> on 31 Oct, 2002 wrote:
On Thursday 31 October 2002 00.18, Togan Muftuoglu wrote:
Sorry Anders, but I cannot make that out from the script. Where do you read
this in the code for this interpretation? My understanding is the other
way around: here you need to place ports >1023.

Ok, just to make this clear so I can have the documentation accordingly:


[Dd][Nn][Ss])
               OPEN_DNS=yes

test "$OPEN_DNS" = yes && {
  test -z "$NAMESERVERS" && \
      echo 'Warning: No nameservers in /etc/resolv.conf!'
  for k in $NAMESERVERS; do
      test "$k" = 127.0.0.1 || for CHAIN in input_int input_dmz input_ext; do
$LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp -s $k --sport 53 --dport 1024:65535

This is when [Dd][Nn][Ss] matches, i.e. for FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS",
which is the default in the config file. Then it reads the
$NAMESERVERS array, which holds the nameserver names placed in
/etc/resolv.conf, and for each of them except 127.0.0.1 allows the connection.

For example, when I have 212.156.4.4 in my /etc/resolv.conf, this code becomes

$LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp -s 212.156.4.4 --sport 53 --dport 1024:65535


# guess this has to be state NEW because the outgoing packet was not seen when
# doing autodialing... XXX - or?
$IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state NEW,ESTABLISHED,RELATED -p udp -s $k --sport 53 --dport 1024:65535
       done
  done
}

Again, $k would be 212.156.4.4 in this case.


Maybe I am mistaken.

The documentation in the SuSEfirewall2 script seems to be wrong. It should be "dns", not "domain", and ntp doesn't seem to be supported (at least I can't find it).

No, domain is correct; just do a grep dns /etc/services.

Now for the second part, where the FW_ALLOW_INCOMING_UDP ports are used: I'll
try to look at the {input_int} chains and follow from there on. So
this part is still not clear.


--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
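As an added illustration, not part of this mail and not SuSEfirewall2's own code, the following shell script reproduces the rule generation discussed above from a constructed /etc/resolv.conf and then checks which UDP packets the resulting rules would admit. The variable values and the helper names (nameservers_from, dns_highport_rules, dns_rule_matches) are my own assumptions; the $LAA LOG rule is left out and only the ACCEPT rule is generated. The matcher makes the security-relevant point explicit: because the rule is keyed only on the nameserver's address, source port 53 and state NEW, any UDP datagram that claims that source reaches every port from 1024 to 65535.

```shell
#!/bin/sh
# Constructed sample resolv.conf (not a real file on any host).
SAMPLE_RESOLV_CONF='# constructed example
nameserver 127.0.0.1
nameserver 212.156.4.4
nameserver 192.0.2.53
search example.net'

# Mirror the variables the script uses so the output reads like the real rules
# (assumed values; SuSEfirewall2 sets these itself).
IPTABLES=iptables
ACCEPT=ACCEPT

# Collect nameserver addresses the way the script fills $NAMESERVERS,
# dropping 127.0.0.1 exactly as the "test $k = 127.0.0.1 ||" guard does.
nameservers_from() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }'
}

# Emit the ACCEPT rule for every remote nameserver on every input chain.
dns_highport_rules() {
    for k in $(nameservers_from "$1"); do
        for CHAIN in input_int input_dmz input_ext; do
            printf '%s -A %s -j %s -m state --state NEW,ESTABLISHED,RELATED -p udp -s %s --sport 53 --dport 1024:65535\n' \
                "$IPTABLES" "$CHAIN" "$ACCEPT" "$k"
        done
    done
}

# Decide whether a UDP packet (src, sport, dport) is matched by those rules.
# Usage: dns_rule_matches SRC SPORT DPORT RESOLV_CONF_TEXT; returns 0 on match.
# Only the source address and source port are checked, and NEW is allowed,
# so no prior outgoing query is required for the packet to get in.
dns_rule_matches() {
    src=$1; sport=$2; dport=$3
    for k in $(nameservers_from "$4"); do
        if [ "$src" = "$k" ] && [ "$sport" -eq 53 ] \
           && [ "$dport" -ge 1024 ] && [ "$dport" -le 65535 ]; then
            return 0
        fi
    done
    return 1
}

# Stand-alone run: print the generated rules and try a few packets.
dns_highport_rules "$SAMPLE_RESOLV_CONF"
dns_rule_matches 212.156.4.4 53 33000 "$SAMPLE_RESOLV_CONF" && echo "reply to a resolver query: accepted"
dns_rule_matches 212.156.4.4 53 6000 "$SAMPLE_RESOLV_CONF" && echo "spoofed sport-53 datagram to a high port: also accepted"
dns_rule_matches 212.156.4.4 53 123 "$SAMPLE_RESOLV_CONF" || echo "privileged dport: not matched by this rule"
```

Run it with any POSIX sh; the printed rules are what the loop in the script expands to for the two remote nameservers, and the last two lines show why the "state NEW" comment in the script matters.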



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here