LinuxQuestions.org
Old 08-05-2010, 04:34 AM   #1
vijith.pa@gmail.com (LQ Newbie)
How to block UDP protocols in iptables (Ubuntu)


Hi,
Currently I have 2 LAN cards in my system: one for communicating with the client PCs (LAN card IP 192.168.1.100) and the other for the Internet (LAN card IP 192.168.0.100). All client PCs are in the 192.168.1.0 subnet.

Here I implement my system as a router through iptables; all clients communicate only through 192.168.1.100 (the clients' default gateway is also 192.168.1.100). There is no problem with the forward rules: when my system is active, all clients get Internet.

Now I have a problem with blocking UDP protocols. I tried a lot of things found on the net, e.g.:

Code:
iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p UDP -j DROP

But it's not blocking UDP protocols (if I change UDP to ICMP, then ICMP is blocked for every IP address). I need help with this problem.

With regards,
Vijith P A
 
Old 08-05-2010, 06:34 AM   #2
centosboy (Senior Member)
Quote: Originally Posted by vijith.pa@gmail.com (post #1)
Care to post your rules?
What a lot of people fail to realise is that the order of the rules is the key thing.
You are appending to the INPUT chain, but if there is a rule before this one that allows UDP, then UDP will be allowed.
Post your iptables config here...
 
Old 08-05-2010, 08:43 AM   #3
vijith.pa@gmail.com (LQ Newbie, Original Poster)
iptables -L -v

Code:
Chain INPUT (policy ACCEPT 2607K packets, 259M bytes)
 pkts bytes target     prot opt in     out     source               destination
    5  1115 DROP       udp  --  any    any     192.168.1.0/24       anywhere

Chain FORWARD (policy ACCEPT 355 packets, 148K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1595 2292K ACCEPT     all  --  eth1   eth0    anywhere             anywhere
 1017 69211 ACCEPT     all  --  eth0   eth1    anywhere             anywhere
    0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 5071K packets, 6666M bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Old 08-05-2010, 09:10 AM   #4
centosboy (Senior Member)
Quote: Originally Posted by vijith.pa@gmail.com (post #3)

OK, add the UDP rule again and wait 5 mins,
then post the output of

Code:
iptables -L INPUT -n -v

We want to see if the packet counter for the UDP rule increases....
 
Old 08-05-2010, 11:13 PM   #5
vijith.pa@gmail.com (LQ Newbie, Original Poster)
Hi,

I added the same rule again; the output of iptables -L INPUT -n -v is:

Code:
Chain INPUT (policy ACCEPT 2768 packets, 1666K bytes)
 pkts bytes target     prot opt in     out     source               destination
  819  104K DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0
 
Old 08-06-2010, 02:54 AM   #6
centosboy (Senior Member)
Quote: Originally Posted by vijith.pa@gmail.com (post #5)

Code:
  819  104K DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0

UDP packets from that subnet (192.168.1.0/24) are being dropped;
you can see this because the packet counter for this rule is incrementing.
I suspect that if UDP is still getting in, it is coming from elsewhere: another IP block, or in another direction besides INPUT.
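As an added example (not from the thread or from any of its participants), the following POSIX shell script automates the check centosboy describes in posts #4 and #6: take two snapshots of the INPUT chain's counters some minutes apart, and report how far each rule's packet counter moved. The two snapshots embedded in it are constructed from the numbers the original poster reported in posts #3 and #5; everything else is mine and assumes only the standard "iptables -L INPUT -n -v" output layout, awk and mktemp.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread): compare two snapshots of
# "iptables -L INPUT -n -v" and report how much each rule's packet counter
# moved. A rule whose counter grows is matching traffic; a rule that stays
# at 0 while the unwanted traffic continues is in the wrong chain or is
# shadowed by an earlier rule.
#
# The two snapshots below are constructed from the numbers posted in the
# thread (posts #3 and #5). In real use, capture them with:
#   iptables -L INPUT -n -v -x > before.txt ; sleep 300 ; iptables -L INPUT -n -v -x > after.txt
# (-x prints exact counters instead of abbreviations such as "104K").

SNAP_BEFORE='Chain INPUT (policy ACCEPT 2607K packets, 259M bytes)
 pkts bytes target     prot opt in     out     source               destination
    5  1115 DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0'

SNAP_AFTER='Chain INPUT (policy ACCEPT 2768 packets, 1666K bytes)
 pkts bytes target     prot opt in     out     source               destination
  819  104K DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 DROP       udp  --  *      *       192.168.1.0/24       0.0.0.0/0'

# counter_delta BEFORE AFTER
# Prints one line per rule in AFTER: "rule N TARGET PROTO from SRC: +DELTA",
# with "(new rule)" appended when the rule did not exist in BEFORE.
# The first two lines of each snapshot (chain header and column header)
# are skipped; rules are matched by position, which is how iptables
# numbers them (iptables -L INPUT --line-numbers).
counter_delta() {
    before_file=$(mktemp) && after_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$before_file"
    printf '%s\n' "$2" > "$after_file"
    # NR == FNR is true only while awk is reading the first file
    # (the BEFORE snapshot, which is never empty here).
    awk '
        FNR <= 2 { next }                       # skip chain + column headers
        NR == FNR { prev[FNR - 2] = $1; next }  # first file: remember old pkts
        {
            idx = FNR - 2
            old = (idx in prev) ? prev[idx] : 0
            note = (idx in prev) ? "" : " (new rule)"
            printf "rule %d %s %s from %s: +%d%s\n", idx, $3, $4, $8, $1 - old, note
        }' "$before_file" "$after_file"
    rm -f "$before_file" "$after_file"
}

# matching_rules BEFORE AFTER
# Prints only the rules whose counter increased, i.e. the ones that are
# actually seeing traffic between the two snapshots.
matching_rules() {
    counter_delta "$1" "$2" | awk '{ d = $7; sub(/^\+/, "", d); if (d + 0 > 0) print }'
}

echo "Per-rule counter deltas:"
counter_delta "$SNAP_BEFORE" "$SNAP_AFTER"
echo
echo "Rules that matched traffic:"
matching_rules "$SNAP_BEFORE" "$SNAP_AFTER"
```

A counter that climbs proves the rule matches something; it does not prove it matches the traffic you care about. A rule in INPUT only sees packets addressed to the router itself, while traffic that clients send through the router to the Internet traverses the FORWARD chain and never touches INPUT, which is the "other direction" centosboy alludes to. If you would rather not keep two snapshots, "iptables -Z INPUT" zeroes the chain's counters so a single later listing shows the delta directly.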
 
Old 08-06-2010, 08:35 AM   #7
vijith.pa@gmail.com (LQ Newbie, Original Poster)
Actually, I want to block torrent downloading. I found in Wireshark that torrent downloads mainly use UDP ports. After adding this rule, IP address 192.168.1.128 can still download content through the torrentz site, which I monitor through Wireshark...

Please help me: how can I block torrent downloading?
 
Old 08-11-2010, 06:48 AM   #8
centosboy (Senior Member)
Quote: Originally Posted by vijith.pa@gmail.com (post #7)
The incoming ports used for torrents will be in your torrent client settings.
 
Old 10-09-2010, 12:46 PM   #9
tincboy (Member)
Quote: Originally Posted by centosboy (post #4)
I have an issue with blocking UDP packets too.
I'm receiving heavy UDP broadcast traffic from a server in a European data center to my server in the same DC.

All the traffic is UDP, and blocking the broadcaster's IP block with iptables didn't fix it: I can still see the packets coming in via tcpdump, and iptables doesn't drop them, because iptables -L INPUT -n -v shows no packets dropped.
I've used this rule in iptables to drop them:

Code:
iptables -I INPUT -s xxx.xxx.xxx.0/24 -p UDP -j DROP

Does anyone know a way to drop them? They are pushing my server's load to 6 or 7, and all my traffic statistics are corrupted now.
 
Old 10-11-2010, 11:58 AM   #10
raviteja_s (Member)
Code:
iptables -I INPUT -s 192.168.1.0/24 -p udp --dport { port number } -j DROP/REJECT
 
  

