Security – How to block UDP while still allowing outbound UDP connections with iptables

Tags: ddos, iptables, openvpn, Security, udp

I would like to drop all UDP traffic (everything else is allowed) while still allowing outbound UDP traffic. The outbound traffic is mainly from gaming and VoIP calls. The UDP traffic needs to be blocked as the ISP (OVH) does not filter UDP-based DDoS attacks. They only filter TCP-based DDoS attacks. This was confirmed with a short phone call to them. That being said, I need a way to block UDP to avoid DDoS attacks utilizing the UDP protocol from becoming successful while still allowing the outbound traffic. This will be done on a VPS server at OVH running a VPN server (OpenVPN, TCP port 443). Is there a set of rules I could add into iptables to accomplish this?
Best Answer
While blocking all incoming UDP is pretty simple:
you may want to consider giving a look to the:
to see which UDP services you may need to allow through.
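The stateful rule set the question asks for, written as an added example (not the answer's own rules): unsolicited inbound UDP on the public interface is dropped, while replies to UDP flows the server itself, or tunnelled VPN clients after NAT, started (game servers, VoIP, DNS) are matched by conntrack as ESTABLISHED,RELATED and let through. The interface name `eth0` and the helper names `udp_rules` / `udp_rule_count` are assumptions; since the OpenVPN server in the question listens on TCP 443, no inbound UDP port has to be opened for it. The function prints the rules rather than applying them, so they can be reviewed first and then run as root.

```shell
#!/bin/sh
# Added example: generate iptables rules that drop unsolicited inbound UDP
# while keeping outbound UDP (and its replies) working via connection tracking.
# Usage: udp_rules eth0 > rules.sh ; inspect rules.sh ; sh rules.sh (as root).
# "eth0" and the function names are assumptions, not from the original page.

udp_rules() {
    iface="${1:-eth0}"   # assumed public interface of the VPS
    cat <<EOF
# Loopback stays trusted (local resolver, OpenVPN management socket, ...)
iptables -A INPUT -i lo -j ACCEPT
# Replies to UDP flows we (or NATed VPN clients) initiated: conntrack marks them
# ESTABLISHED (or RELATED, e.g. ICMP errors for one of our own flows)
iptables -A INPUT -i ${iface} -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Every other UDP datagram is dropped silently: DROP, not REJECT, so the host
# never answers a flood with ICMP unreachables
iptables -A INPUT -i ${iface} -p udp -j DROP
# Outbound UDP remains open; each new game/VoIP/DNS flow creates the conntrack
# entry that the INPUT rule above relies on
iptables -A OUTPUT -o ${iface} -p udp -j ACCEPT
EOF
}

# Sanity check before applying: how many rules were generated for an interface.
udp_rule_count() {
    udp_rules "$1" | grep -c '^iptables'
}
```

Append these ahead of any broad `ACCEPT` already in `INPUT` (check the order with `iptables -L INPUT -n --line-numbers`), otherwise the earlier rule wins and the `DROP` is never reached. One caveat worth keeping in mind: dropping in the kernel only saves the VPS CPU and stops the UDP services from answering; a volumetric flood still fills the uplink before it reaches the host, which is why the upstream filtering the question mentions matters for that case.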