If conntrack can track the TFTP sessions, then you should be able to
filter it using -m state in iptables.
iptables -A ... -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ... -m state --state NEW -p udp --dport 69 -j ACCEPT
You can have one rule in INPUT and the other in OUTPUT, or bot
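
Added example, not part of the original message: the two rules above placed in a default-drop INPUT chain so that UDP no longer needs to be open wholesale, plus a check for leftover wide-open UDP rules. It assumes the host is the TFTP server; the function names and the sample client network are hypothetical.

```shell
#!/bin/sh
# Added example. Nothing is applied by this script: it only prints text.
# Review the output, then load it with:
#   tftp_ruleset 192.0.2.0/24 | iptables-restore --test   (then without --test)
# Assumption: the TFTP conntrack helper named in the thread is loaded
# (ip_conntrack_tftp on older kernels, nf_conntrack_tftp on later ones).
# Newer kernels do not attach helpers automatically; there, also add in the
# raw table:  -A PREROUTING -p udp --dport 69 -j CT --helper tftp

tftp_ruleset() {
    # $1: client network allowed to start transfers (constructed sample default)
    src="${1:-192.0.2.0/24}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# add rules for other services you need (e.g. remote admin) before loading
-A INPUT -i lo -j ACCEPT
# data/ACK packets on the ephemeral ports the helper expects
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# only the initial read/write request to port 69 counts as NEW
-A INPUT -s $src -p udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

wide_udp_rules() {
    # Reads iptables-save output on stdin and prints ACCEPT rules that match
    # UDP without naming a destination port ("all UDP ports open").
    grep -E -e '-p udp( |$)' \
        | grep -E -e '-j ACCEPT' \
        | grep -Ev -e '--dports? ' || true
}
```

To audit the running ruleset, pipe `iptables-save` into `wide_udp_rules`; any line it prints is a candidate for removal once the state rules are in place.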
Hi,
Thanks for your reply, but my query is different: ip_conntrack_tftp is
already loaded on my CentOS. TFTP is working fine now, but I want to tighten
security more on iptables. Right now all of my UDP ports are open; I don't
want to do that. See my previous mail below.