Hi,
I'm trying to allow all udp (multicast only) packets through the firewall. I wrote the following into /etc/csf/csfpost.sh:
# accept inbound multicast UDP / UDP-Lite on every interface except lo
iptables -A ALLOWIN ! -i lo -m pkttype --pkt-type multicast -p udp -j ACCEPT
iptables -A ALLOWIN ! -i lo -m pkttype --pkt-type multicast -p udplite -j ACCEPT
# accept outbound multicast UDP / UDP-Lite on every interface except lo
iptables -A ALLOWOUT ! -o lo -m pkttype --pkt-type multicast -p udp -j ACCEPT
iptables -A ALLOWOUT ! -o lo -m pkttype --pkt-type multicast -p udplite -j ACCEPT
I'm receiving udp multicast packets all the time (realtime data feeds), and debugging whether I receive them or not with mreceive (https://github.com/troglobit/mtools/). With no firewall it receives packets, and no packets are received if csf is up.
To debug a little I tried dumping the csf-created rules to a file ('iptables-save > file' after starting csf) and then editing the following lines:
-A ALLOWIN -s 10.150.2.11/32 ! -i lo -p tcp -m tcp --dport 3306 -j ACCEPT
-A ALLOWIN -s 10.150.2.11/32 ! -i lo -p tcp -m tcp --dport 27017 -j ACCEPT
# LOG is non-terminal: every packet reaching this point is logged, then continues
-A ALLOWIN -j LOG --log-level 4 --log-prefix "iptables: before udp multicast accept"
-A ALLOWIN ! -i lo -p udp -m pkttype --pkt-type multicast -j ACCEPT
-A ALLOWIN ! -i lo -p udplite -m pkttype --pkt-type multicast -j ACCEPT
# only packets NOT accepted by the two multicast rules above get here
-A ALLOWIN -j LOG --log-level 4 --log-prefix "iptables: after udp multicast accept"
Then I stopped csf, ran the modified rules (iptables-restore < file) and watched the log. I can see "before" log messages logged, but no "after" messages. As far as I know this should mean packets are being filtered and accepted fine, but I receive no packets at all (not just in mreceive, but in my consumer application).
Can anybody point out what I am missing?
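The LOG-bracketing step above, scripted so it can be repeated, as an added example that is not the poster's code: the first function reads an iptables-save dump and brackets every rule in a named chain matching a pattern with LOG rules; the second tallies kernel LOG lines per PROTO/DST/DPT so that packets seen at "before" but never at "after" (the ones the bracketed ACCEPT consumed) stand out. The chain name ALLOWIN comes from the post; the sample dump and log lines are constructed.

```shell
#!/bin/sh
# Added example, not the poster's code: scripts the LOG-bracketing done by hand
# in the post and summarises the resulting kernel log. Chain name ALLOWIN is
# from the post; the sample dump and log lines below are constructed.

# wrap_with_log CHAIN PATTERN: copy an iptables-save dump from stdin to stdout,
# adding a LOG rule before and after every rule in CHAIN containing PATTERN.
# ACCEPT is terminal, so a packet that hits "before" but never "after" was
# accepted by the bracketed rule.
wrap_with_log() {
  awk -v chain="$1" -v pat="$2" '
    $1 == "-A" && $2 == chain && index($0, pat) > 0 {
      printf "-A %s -j LOG --log-level 4 --log-prefix \"before %d: \"\n", chain, ++n
      print
      printf "-A %s -j LOG --log-level 4 --log-prefix \"after %d: \"\n", chain, n
      next
    }
    { print }'
}

# summarise_log: read kernel LOG lines from stdin and, per PROTO/DST/DPT,
# count hits at "before" and "after"; the difference is what got accepted.
summarise_log() {
  awk '
    / (before|after) [0-9]+: / {
      stage = ($0 ~ / before /) ? "before" : "after"
      split("", f)                      # reset the KEY=VALUE field map
      for (i = 1; i <= NF; i++) if (split($i, kv, "=") == 2) f[kv[1]] = kv[2]
      key = f["PROTO"] " " f["DST"] " " f["DPT"]
      cnt[stage, key]++; keys[key] = 1
    }
    END {
      for (k in keys) printf "%s before=%d after=%d accepted=%d\n", k,
        cnt["before", k] + 0, cnt["after", k] + 0, cnt["before", k] - cnt["after", k]
    }' | sort
}

# Constructed sample input: a trimmed ALLOWIN/ALLOWOUT dump and four LOG lines
# (two multicast packets that were accepted, one unicast packet that fell through).
SAMPLE_DUMP='*filter
-A ALLOWIN ! -i lo -p udp -m pkttype --pkt-type multicast -j ACCEPT
-A ALLOWIN ! -i lo -p udplite -m pkttype --pkt-type multicast -j ACCEPT
-A ALLOWOUT ! -o lo -p udp -m pkttype --pkt-type multicast -j ACCEPT
COMMIT'
SAMPLE_LOG='Jun  1 10:00:00 host kernel: before 1: IN=eth0 OUT= SRC=10.150.2.11 DST=239.1.1.1 PROTO=UDP SPT=5000 DPT=5000
Jun  1 10:00:00 host kernel: before 1: IN=eth0 OUT= SRC=10.150.2.11 DST=239.1.1.1 PROTO=UDP SPT=5000 DPT=5000
Jun  1 10:00:01 host kernel: before 1: IN=eth0 OUT= SRC=10.150.2.20 DST=10.150.2.5 PROTO=UDP SPT=5353 DPT=5353
Jun  1 10:00:01 host kernel: after 1: IN=eth0 OUT= SRC=10.150.2.20 DST=10.150.2.5 PROTO=UDP SPT=5353 DPT=5353'
```

On a live host the same functions take real input: `iptables-save | wrap_with_log ALLOWIN 'pkt-type multicast' > /tmp/debug.rules` produces the file to feed to iptables-restore, and `journalctl -k | summarise_log` tallies the resulting log.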
Csf dropping manually allowed udp packets?
Re: Csf dropping manually allowed udp packets?
Are those ports 3306 and 27017 open in TCP IN/OUT and/or UDP IN/OUT?