[Openswan Users] Blocking udp 1701 from outside on 2.6.26 (netkey)
Willie Gillespie
wgillespie+openswan at es2eng.com
Mon Oct 11 20:48:51 EDT 2010
Yes, that's probably the expected behavior. Since UDP doesn't create a
connection, a non-response could be open or filtered as far as nmap is
concerned. It depends on the application. You could change the second
iptables rule to a REJECT and nmap should return "closed" to show that
the rule is indeed being followed.
Gottfried Haider wrote:
> Hi Willie,
>
> thanks for your fast reply.
>
> I tried it out
>
> gohai at escher:/$ sudo iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT udp -- anywhere anywhere policy match dir in pol ipsec udp dpt:l2f
> DROP udp -- anywhere anywhere udp dpt:l2f
>
> but when I run nmap from a remote host (not connected via the tunnel)
> it still shows me
>
> 1701/udp open|filtered L2TP
>
> - is this the expected behavior?
>
> Gottfried
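The following is an added illustration, not code from either poster: a small Python model of the two INPUT rules in the quoted listing and of the state table nmap applies to the answers a UDP probe gets back (silence, ICMP port unreachable, an ICMP administratively-prohibited style error, or a UDP reply). The Probe structure and the assumption that the L2TP daemon answers a datagram delivered through the IPsec policy match are constructed for the example; the iptables command strings use real options (`-m policy --dir in --pol ipsec`, `-j REJECT --reject-with icmp-port-unreachable`).

```python
"""Model of the INPUT rules from the thread and of nmap's -sU state inference.

Added example. Probe, firewall_response() and the 'daemon answers' assumption
are constructed for illustration; nothing here talks to a real netfilter or
runs a real scan.
"""
from dataclasses import dataclass
from typing import List, Optional

L2TP_PORT = 1701  # udp dpt:l2f in the iptables listing


def firewall_rules(mode: str) -> List[str]:
    """Return the iptables commands behind the quoted listing.

    mode == "drop" reproduces the listing as posted; mode == "reject" is the
    variant suggested in the reply.
    """
    if mode not in ("drop", "reject"):
        raise ValueError(f"unknown mode {mode!r}")
    rules = [
        # First rule: accept L2TP only if the datagram arrived inside an IPsec SA.
        f"iptables -A INPUT -p udp --dport {L2TP_PORT} "
        f"-m policy --dir in --pol ipsec -j ACCEPT",
    ]
    if mode == "drop":
        rules.append(f"iptables -A INPUT -p udp --dport {L2TP_PORT} -j DROP")
    else:
        # icmp-port-unreachable is REJECT's default; spelled out for clarity.
        rules.append(
            f"iptables -A INPUT -p udp --dport {L2TP_PORT} "
            f"-j REJECT --reject-with icmp-port-unreachable"
        )
    return rules


@dataclass(frozen=True)
class Probe:
    """A single UDP datagram as seen by the INPUT chain (constructed)."""
    dport: int
    ipsec_protected: bool  # True if it was decapsulated from an IPsec SA


def firewall_response(probe: Probe, mode: str) -> Optional[str]:
    """What the host sends back for a probe to the L2TP port.

    Returns None for silence, "icmp3/3" for ICMP port unreachable, or "udp"
    when the datagram reaches the daemon (assumed to answer; an assumption).
    """
    if probe.dport != L2TP_PORT:
        raise ValueError("only the L2TP rules are modelled here")
    if probe.ipsec_protected:
        return "udp"          # rule 1 matched: delivered to the L2TP daemon
    if mode == "drop":
        return None           # rule 2 DROP: the probe simply vanishes
    return "icmp3/3"          # rule 2 REJECT: kernel sends port unreachable


def nmap_udp_state(response: Optional[str]) -> str:
    """nmap -sU state table as documented in the nmap reference guide."""
    if response is None:
        return "open|filtered"   # no answer after retransmits: cannot tell
    if response == "udp":
        return "open"            # the service itself replied
    if response == "icmp3/3":
        return "closed"          # ICMP type 3 code 3: port unreachable
    if response in {"icmp3/0", "icmp3/1", "icmp3/2",
                    "icmp3/9", "icmp3/10", "icmp3/13"}:
        return "filtered"        # other unreachable codes: something in the way
    raise ValueError(f"unmodelled response {response!r}")


def scan_from_outside(mode: str) -> str:
    """State nmap reports for 1701/udp from a host that is not in the tunnel."""
    return nmap_udp_state(firewall_response(Probe(L2TP_PORT, False), mode))


def scan_through_tunnel(mode: str) -> str:
    """State nmap would report for a probe that arrived via the IPsec SA."""
    return nmap_udp_state(firewall_response(Probe(L2TP_PORT, True), mode))


if __name__ == "__main__":
    for mode in ("drop", "reject"):
        print(f"--- {mode} ---")
        for rule in firewall_rules(mode):
            print(rule)
        print("outside host sees :", scan_from_outside(mode))
        print("tunnel peer sees  :", scan_through_tunnel(mode))
```

With the rules as posted, an outside probe gets no answer, so nmap reports open|filtered; switching the second rule to REJECT produces an ICMP port unreachable and nmap reports closed, which is the visible confirmation that the rule is matching. Either way plaintext L2TP never reaches the daemon; a DROP gives the scanner slightly less to work with, a REJECT makes the policy easier to verify from outside.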