Problem s UDP provozem
Peter Surda
shurdeek na routehat.org
Čtvrtek Prosinec 16 13:48:17 CET 2004
On Thu, Dec 16, 2004 at 01:38:25PM +0100, Petr Lascak wrote:
> iptables -I FORWARD(INPUT) -p tcp -m multiport --dports 113,135,136,137,138,139,445 -j REJECT --reject-with tcp-reset
> iptables -I FORWARD(INPUT) -p udp -m multiport --dports 113,135,136,137,138,139,445 -j REJECT --reject-with icmp-port-unreachable
> iptables -I FORWARD(INPUT) -p tcp -m multiport --sports 113,135,136,137,138,139,445 -j REJECT --reject-with tcp-reset
> iptables -I FORWARD(INPUT) -p udp -m multiport --sports 113,135,136,137,138,139,445 -j REJECT --reject-with icmp-port-unreachable
Popisany problem skoro urcite nie je sposobeny cervami. Tie pouzivaju tcp
alebo v prvych verziach icmp. Okrem toho na cervy staci zablokovat tcp 135 a
445.
Podla mna su to skor P2P-programy, tie sa v poslednej dobe preorientovavaju na
UDP.
Otazku, preco vsak aj pri malom toku sposobuju velku latenciu vsak bez
blizsich informacii zodpovedat neviem.
> Petr Lascak
S pozdravom,
Peter Surda (Shurdeek) <shurdeek na routehat.org>, ICQ 10236103, +436505122023
--
Press every key to continue.
Další informace o konferenci Linux