iptables rules advice in debian linux

Please advise:

I added the following iptables rules:

iptables -I OUTPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 2 -p udp --dport 1700:1750 -j ACCEPT
iptables -I OUTPUT 3 -p udp -m udp --dport 1812 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 1813 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 5950:6050 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 499:510 -j ACCEPT
iptables -I OUTPUT 5 -p udp -m udp --dport 4490:4550 -j ACCEPT
iptables -I OUTPUT 20 -p udp -j DROP

But after applying them, IPsec, L2TP and OpenVPN on UDP port 6000 stop working.

Please advise, what is wrong?

Here are my UDP services:

udp        0      0 0.0.0.0:500             0.0.0.0:*                           3115/charon     
udp        0      0 0.0.0.0:1701            0.0.0.0:*                           2885/xl2tpd     
udp        0      0 162.243.256.150:6000    0.0.0.0:*                           2818/openvpn    
udp        0      0 0.0.0.0:4500            0.0.0.0:*                           3115/charon     
udp6       0      0 :::500                  :::*                                3115/charon     
udp6       0      0 :::4500                 :::*                                3115/charon

Answer

You’re using the OUTPUT chain, not the INPUT one, so when you specify dport, that’s the destination port for OUTPUT, meaning the remote port, not the one on the machine where iptables and the services are running.

You should change the chain to INPUT and in that case the dport would be what you want, meaning the port on your server.

Edit:
In addition to adding those rules you will probably have to create the appropriate corresponding rules in the OUTPUT chain as well, with --sport this time.
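The rule layout the answer describes, as an added example that is not part of the original answer: every service port gets an INPUT rule matching the local port with --dport and an OUTPUT rule matching it with --sport, and the catch-all drops are appended last. The port list is assumed from the question's netstat output and its original rules, and the APPLY=1 switch is a hypothetical convenience of this script.

```shell
#!/bin/sh
# Added example (not from the original post). Inbound packets to a local
# service are matched in INPUT by --dport; the service's replies leave
# through OUTPUT carrying that same port as --sport, so both are needed.
# By default the rules are only printed; APPLY=1 (as root) executes them.

# Constructed port list: 500/4500 (charon), 1701 (xl2tpd) and 6000 (openvpn)
# from the question's netstat output, plus the ranges from its original rules.
UDP_PORTS="500 4500 1701 6000 53 1700:1750 1812 1813 5950:6050 499:510 4490:4550"

# rule_pair PORT  -> the INPUT/OUTPUT pair for one port or port range
rule_pair() {
    printf 'iptables -A INPUT -p udp -m udp --dport %s -j ACCEPT\n' "$1"
    printf 'iptables -A OUTPUT -p udp -m udp --sport %s -j ACCEPT\n' "$1"
}

# build_rules -> the complete list, ACCEPT rules first, UDP drops last.
# Using -A (append) everywhere avoids the hand-numbered -I positions of the
# question, which silently reorder as rules are inserted; a DROP that ends
# up above an ACCEPT wins, because iptables takes the first match.
build_rules() {
    for p in $UDP_PORTS; do
        rule_pair "$p"
    done
    echo 'iptables -A INPUT -p udp -j DROP'
    echo 'iptables -A OUTPUT -p udp -j DROP'
}

if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh -e     # hypothetical apply mode; requires root
else
    build_rules             # dry run: print the rules for review
fi
```

A common alternative to the per-port --sport rules is one stateful OUTPUT rule, `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, which lets replies out for any connection that INPUT already accepted.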

Attribution
Source: Link, Question Author: user217884, Answer Author: Pierre-Alain TORET
