Blocking outgoing UDP traffic using iptables

Published on 2007-01-03 21:15:00+00:00
Linux   networking  

Since rebuilding my server (after having it used to propagate a UDP flood DoS attack), I’ve been advised that I should set up iptables to block any unnecessary outbound UDP traffic. So, how do I do this?
Well, the first thing I’ll do is update my apt repository, and install iptables using the following two commands:

apt-get update  
apt-get install iptables

Now, the quick and dirty solution is to just append a rule that blocks all outgoing UDP packets from my server. You can do this based on the system’s IP address. Assuming my server’s IP address is 192.168.0.1, I would use the following rule:

iptables -A OUTPUT -s 192.168.0.1 -p udp -j DROP

Essentially, this rule says: match any outbound UDP packet whose source address (-s) is 192.168.0.1, and jump (-j) to the DROP target. That will drop the packet. Now, just to be safe, I’ll add the same rule using my loopback address, as follows:

iptables -A OUTPUT -s 127.0.0.1 -p udp -j DROP

Now, let’s just hope that keeps me covered until I can find a slightly more advanced solution that will also write to a log when a packet gets dropped...
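As an added example (not from the original post), here is a small POSIX shell script that builds the logging version the post is looking for: outbound UDP from the server address goes to a user-defined chain that lets through the few UDP services the host is assumed to need (DNS on port 53 and NTP on port 123 are my assumptions; adjust ALLOWED_UDP_DPORTS), accepts replies that belong to an existing tracked flow, writes a rate-limited log line, and only then drops. The script prints the rules by default so they can be reviewed, and applies them only when run as root with the argument apply. Unlike the post, it leaves loopback alone, because a local resolver or syslog daemon commonly talks UDP over 127.0.0.1.

```shell
#!/bin/sh
# Added example: build (and optionally apply) an iptables ruleset that drops
# outbound UDP from the server's address, logs what it drops (rate limited so
# a flood cannot also fill the log), and exempts the UDP services the host
# legitimately needs. The address and port list are assumptions.

SERVER_IP="${SERVER_IP:-192.168.0.1}"              # the post's example address
ALLOWED_UDP_DPORTS="${ALLOWED_UDP_DPORTS:-53 123}"   # assumed: DNS and NTP
LOG_RATE="${LOG_RATE:-5/minute}"                    # cap on LOG entries
CHAIN="UDP_OUT"                                     # user-defined chain name

# Print one iptables command per line. Keeping the ruleset as text lets it be
# reviewed (or tested) before it touches the live firewall.
udp_out_rules() {
    echo "iptables -N $CHAIN"
    # Hand every outbound UDP packet from the server address to the chain.
    echo "iptables -A OUTPUT -s $SERVER_IP -p udp -j $CHAIN"
    # Outbound packets that answer an inbound flow the kernel already tracks
    # (e.g. this host replying to a DNS query it received) stay allowed.
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Explicitly permitted destination ports for new outbound UDP flows.
    for port in $ALLOWED_UDP_DPORTS; do
        echo "iptables -A $CHAIN -p udp --dport $port -j ACCEPT"
    done
    # Log at most LOG_RATE packets, then drop everything that reached here.
    # The prefix is what to grep for in the kernel log (dmesg / syslog).
    echo "iptables -A $CHAIN -m limit --limit $LOG_RATE -j LOG --log-prefix \"UDP_OUT dropped: \""
    echo "iptables -A $CHAIN -j DROP"
}

# Number of rules generated; a quick sanity check before applying.
udp_out_rule_count() {
    udp_out_rules | wc -l | tr -d ' '
}

# Apply only when explicitly asked (requires root); -e aborts on the first
# failing iptables command so a half-applied ruleset is noticed.
apply_udp_out_rules() {
    udp_out_rules | sh -e
}

case "${1:-}" in
    apply) apply_udp_out_rules ;;
    *)     udp_out_rules ;;   # default: print the rules for review
esac
```

Run it without arguments to see the ruleset, then as root with apply to load it; dropped packets then show up in the kernel log with the "UDP_OUT dropped:" prefix, and the ESTABLISHED rule means a compromised process can still only start new outbound UDP flows on the ports you listed.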

Resources:
* netfilter’s documentation