Q

Will iptables screen UDP traffic?

UDP is a connectionless protocol that can't be screened using strict stateful inspection. However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol. Mike Chapple explains the process in this SearchSecurity.com Q&A.

It seems that UDP traffic can't be screened for stateful inspection in my stateful-inspection firewall. Will a session in iptables produce the same results?
You're correct; UDP traffic can't be screened using strict stateful inspection. That's because UDP is a connectionless protocol and doesn't maintain session state. The protocol is much different than TCP, which uses a three-way handshake to set up and tear down connections.

However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol.

If you create a rule allowing UDP traffic in one direction, the firewall will allow associated return traffic.

Let's consider an example. Suppose you decided to allow outbound DNS traffic on UDP port 53. In its state table, the firewall will track any requests that match the rule, and the DNS server's UDP response is then allowed to reach the client.

Without a three-way handshake, however, the firewall doesn't know when to remove the entry from its state table. To accommodate this situation, firewalls usually use a timer that allows return traffic to pass until the connection is inactive for a specified period of time, which is normally a few minutes. Once the firewall reaches that inactivity threshold, it discards the entry from the state table.

More information:

  • Find out how extrusion detection and prevention products inspect network traffic and keep confidential information within the enterprise.
  • Learn how DNS amplification attackers use UDP packets to flood their victims.
  • This was first published in September 2007

    Dig deeper on Network Firewalls, Routers and Switches

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close