Monday, April 29, 2013

Re: iptables and INVALID packet filtering.

Please excuse the delayed response.

To answer your question, no I cannot, yet.

However, I can demonstrate iptables following what the "state" is on UDP packets using DNS.

Example, add this to your firewall and resolve a FQDN.

"iptables -I INPUT 1 -p udp -m state --state ESTABLISHED -j LOG --log-prefix 'DNS-In-Established '"
"iptables -I OUTPUT 1 -p udp -m state --state NEW -j LOG --log-prefix 'DNS-Out-New '"

You should see, as I do, that the UDP DNS requests are logged under the state NEW, and that the responses are logged under the state ESTABLISHED.

I consider this, iptables differentiating between "New" and "Established" UDP "connections", reason to extrapolate that iptables can follow state in UDP packets such as flagging on "Invalid" or out of state UDP packets.

I aim to try and create an "Invalid" UDP state packet. I will follow up if I try regardless of the outcome.


On Fri, 2013-04-05 at 23:57 +0200, Pascal Hambourg wrote:
> Matthew Babcock wrote:
>
> > I know iptables -A INPUT -m state --state INVALID -j DROP works well.
> > And it does pick out invalid (aka out of state) UDP packets. DNS is one
> > additional example.
>
> AFAIK, UDP packets cannot be in the INVALID state. Can you provide an
> example of a UDP DNS packet in the INVALID state ?
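The two LOG rules in the reply above, as an added example that is not part of the original post: the script below emits the same rules plus an INVALID-state logger on the INPUT chain (so an out-of-state UDP packet, if conntrack ever produces one, shows up in the log instead of being dropped silently), applies them only when run as root, and then parses a constructed sample of the kernel log lines the LOG target writes to pair each NEW outbound query with the ESTABLISHED reply on the same client port. The host names, addresses and ports in the sample log are constructed, not captured; the log-prefix `UDP-In-Invalid ` is an assumption of this example.

```shell
#!/bin/sh
# Added example, not the original post's commands.

# The post's two LOG rules, plus an INVALID logger (assumed prefix).
dns_state_rules() {
    cat <<'EOF'
iptables -I INPUT 1 -p udp -m state --state ESTABLISHED -j LOG --log-prefix 'DNS-In-Established '
iptables -I OUTPUT 1 -p udp -m state --state NEW -j LOG --log-prefix 'DNS-Out-New '
iptables -I INPUT 1 -p udp -m state --state INVALID -j LOG --log-prefix 'UDP-In-Invalid '
EOF
}

# Apply the rules only when running as root; otherwise just print them.
apply_dns_state_rules() {
    if [ "$(id -u)" -eq 0 ]; then
        dns_state_rules | sh
    else
        dns_state_rules
    fi
}

# Constructed sample of what the LOG target writes for two resolved names
# and one query that never got an answer (port 40125). Not a real capture.
SAMPLE_LOG='Apr 29 10:00:01 host kernel: DNS-Out-New IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=61 PROTO=UDP SPT=40123 DPT=53 LEN=41
Apr 29 10:00:01 host kernel: DNS-In-Established IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=77 PROTO=UDP SPT=53 DPT=40123 LEN=57
Apr 29 10:00:05 host kernel: DNS-Out-New IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=61 PROTO=UDP SPT=40124 DPT=53 LEN=41
Apr 29 10:00:05 host kernel: DNS-In-Established IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=77 PROTO=UDP SPT=53 DPT=40124 LEN=57
Apr 29 10:00:09 host kernel: DNS-Out-New IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=61 PROTO=UDP SPT=40125 DPT=53 LEN=41'

# Count kernel log lines carrying a given --log-prefix; reads stdin.
# grep -c exits 1 on zero matches, so force success for set -e callers.
count_prefix() {
    grep -c "kernel: $1 " || true
}

# Per-state hit counts for the sample: shows NEW for queries,
# ESTABLISHED for replies, and no INVALID entries at all.
summarise_states() {
    new=$(printf '%s\n' "$SAMPLE_LOG" | count_prefix DNS-Out-New)
    est=$(printf '%s\n' "$SAMPLE_LOG" | count_prefix DNS-In-Established)
    inv=$(printf '%s\n' "$SAMPLE_LOG" | count_prefix UDP-In-Invalid)
    echo "new=$new established=$est invalid=$inv"
}

# Pair each NEW query (client SPT) with an ESTABLISHED reply (DPT back to
# that port): this is the tuple conntrack matched on to call it ESTABLISHED.
match_replies() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        /DNS-Out-New/        { for (i = 1; i <= NF; i++) if ($i ~ /^SPT=/) q[substr($i, 5)] = 1 }
        /DNS-In-Established/ { for (i = 1; i <= NF; i++) if ($i ~ /^DPT=/) r[substr($i, 5)] = 1 }
        END {
            m = 0; u = 0
            for (p in q) if (p in r) m++; else u++
            print "matched=" m " unmatched=" u
        }'
}

apply_dns_state_rules
summarise_states
match_replies
```

Run it unprivileged to see the rules and the parsed summary; as root it also inserts the rules. A query whose reply never arrives (the third one in the sample) counts as unmatched, which is the pattern to look for when checking whether conntrack really did flag anything as out of state.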