* [gentoo-user] {OT} TCP or UDP?
From: Grant @ 2009-02-24 16:39 UTC
To: Gentoo mailing list
How can I find out whether I should be specifying TCP, UDP, or both
for iptables (shorewall) config?
- Grant
* [gentoo-user] Re: {OT} TCP or UDP?
From: Nikos Chantziaras @ 2009-02-24 16:55 UTC
To: gentoo-user
Grant wrote:
> How can I find out whether I should be specifying TCP, UDP, or both
> for iptables (shorewall) config?
By knowing the application's protocol for which you write the rules :P
For example, if I write some rule that applies to traffic generated by a
web server and web browsers, that's TCP. If I write rules that apply to
an online game's matchmaking and game discovery browser, that's UDP (but
depends on the game). So you have to research a bit to see if the
application uses TCP or UDP.
* Re: [gentoo-user] Re: {OT} TCP or UDP?
From: Florian Philipp @ 2009-02-24 17:21 UTC
To: gentoo-user
Nikos Chantziaras wrote:
> Grant wrote:
>> How can I find out whether I should be specifying TCP, UDP, or both
>> for iptables (shorewall) config?
>
> By knowing the application's protocol for which you write the rules for :P
> [...] So you have to research a bit to see if the
> application uses TCP or UDP.
>
>
You can also have a look at /etc/services which lists the more common
protocols and their ports.
* Re: [gentoo-user] Re: {OT} TCP or UDP?
From: Etaoin Shrdlu @ 2009-02-24 17:51 UTC
To: gentoo-user
On Tuesday 24 February 2009, 18:21, Florian Philipp wrote:
> Nikos Chantziaras wrote:
> > Grant wrote:
> >> How can I find out whether I should be specifying TCP, UDP, or both
> >> for iptables (shorewall) config?
> >
> > By knowing the application's protocol for which you write the rules
> > for :P [...] So you have to research a bit to see if the
> > application uses TCP or UDP.
>
> You can also have a look at /etc/services which lists the more
> common protocols and their ports.
Or even sniff the traffic and see which protocols are used.
* Re: [gentoo-user] Re: {OT} TCP or UDP?
From: kashani @ 2009-02-24 19:15 UTC
To: gentoo-user
Etaoin Shrdlu wrote:
> On Tuesday 24 February 2009, 18:21, Florian Philipp wrote:
>> Nikos Chantziaras wrote:
>>> Grant wrote:
>>>> How can I find out whether I should be specifying TCP, UDP, or both
>>>> for iptables (shorewall) config?
>>> By knowing the application's protocol for which you write the rules
>>> for :P [...] So you have to research a bit to see if the
>>> application uses TCP or UDP.
>> You can also have a look at /etc/services which lists the more
>> common protocols and their ports.
>
> Or even sniff the traffic and see which protocols are used.
>
You're going to miss stuff that way. Take for example a DNS server.
Normally requests are UDP over port 53. However once your request
exceeds 512 bytes TCP is used on port 53. That rarely happens and in
fact many ISPs don't seem to be aware that this can happen.
Chances are you're going to find almost everything you need at
http://www.shorewall.net/Documentation_Index.html which is going to be far
better than trying to cobble everything together yourself.
kashani
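Added example, not part of any post in this thread: a lookup over /etc/services-format data, as suggested earlier in the thread, that emits one Shorewall rules line per registered protocol, so a service like DNS that is listed for both TCP and UDP on port 53 gets both rules. The services data is a constructed sample, the function names are hypothetical, and the net and $FW zones are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/services format: name port/proto [aliases] # comment
sample_services() {
cat <<'EOF'
# service-name  port/protocol  [aliases]
ssh             22/tcp
domain          53/tcp                  # Domain Name Server
domain          53/udp
http            80/tcp          www
ntp             123/udp
EOF
}

# lookup NAME_OR_PORT [FILE]
# Print "port proto" for every entry matching a service name, alias or port.
# FILE defaults to the constructed sample; pass /etc/services on a real host.
lookup() {
    if [ -n "${2:-}" ]; then cat "$2"; else sample_services; fi |
    awk -v key="$1" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # skip blank lines
        {
            split($2, pp, "/")              # pp[1]=port, pp[2]=protocol
            hit = ($1 == key || pp[1] == key)
            for (i = 3; i <= NF; i++) if ($i == key) hit = 1
            if (hit && !seen[$2]++) print pp[1], pp[2]
        }'
}

# rules_for NAME_OR_PORT [FILE]
# Emit one Shorewall rules line per protocol: ACTION SOURCE DEST PROTO DPORT.
# The net -> $FW direction is an assumption; use the zones from your own policy.
rules_for() {
    lookup "$@" | while read -r port proto; do
        printf 'ACCEPT\tnet\t$FW\t%s\t%s\n' "$proto" "$port"
    done
}

rules_for domain    # two lines: one for tcp/53, one for udp/53
```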
* Re: [gentoo-user] Re: {OT} TCP or UDP?
From: Grant @ 2009-02-25 15:30 UTC
To: gentoo-user
>>>>> How can I find out whether I should be specifying TCP, UDP, or both
>>>>> for iptables (shorewall) config?
>>>>
>>>> By knowing the application's protocol for which you write the rules
>>>> for :P [...] So you have to research a bit to see if the
>>>> application uses TCP or UDP.
>>>
>>> You can also have a look at /etc/services which lists the more
>>> common protocols and their ports.
>>
>> Or even sniff the traffic and see which protocols are used.
>>
>
> You're going to miss stuff that way. Take for example a DNS server.
> Normally requests are UDP over port 53. However once your request exceeds
> 512 bytes TCP is used on port 53. That rarely happens and in fact many ISPs
> don't seem to be aware that this can happen.
> Chances are you're going to find almost everything you need at
> http://www.shorewall.net/Documentation_Index.html which is going to be far
> better than trying to cobble everything together yourself.
>
> kashani
Thanks, I'll take a look through there.
- Grant