Problem s UDP provozem

Peter Surda shurdeek na routehat.org
Čtvrtek Prosinec 16 13:48:17 CET 2004


On Thu, Dec 16, 2004 at 01:38:25PM +0100, Petr Lascak wrote:
>   iptables -I FORWARD(INPUT) -p tcp -m multiport --dports 113,135,136,137,138,139,445 -j REJECT --reject-with tcp-reset
>   iptables -I FORWARD(INPUT) -p udp -m multiport --dports 113,135,136,137,138,139,445 -j REJECT --reject-with icmp-port-unreachable
>   iptables -I FORWARD(INPUT) -p tcp -m multiport --sports 113,135,136,137,138,139,445 -j REJECT --reject-with tcp-reset
>   iptables -I FORWARD(INPUT) -p udp -m multiport --sports 113,135,136,137,138,139,445 -j REJECT --reject-with icmp-port-unreachable
Popisany problem skoro urcite nie je sposobeny cervami. Tie pouzivaju tcp
alebo v prvych verziach icmp. Okrem toho na cervy staci zablokovat tcp 135 a
445.

Podla mna su to skor P2P-programy, tie sa v poslednej dobe preorientovavaju na
UDP.

Otazku, preco vsak aj pri malom toku sposobuju velku latenciu vsak bez
blizsich informacii zodpovedat neviem.

>         Petr Lascak
S pozdravom,

Peter Surda (Shurdeek) <shurdeek na routehat.org>, ICQ 10236103, +436505122023

-- 
                   Press every key to continue.


Další informace o konferenci Linux