How to confirm a low number port (67 UDP) is being blocked by my firewall?
Based on this answer, blocking port 67 UDP outgoing should be
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p udp -m udp --dport=67 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
firewall-cmd --reload
Port 67 UDP is the port a DHCP server uses, so I would like to verify that the port is indeed blocked before I start the DHCP server, so I can experiment with it in a sandbox.
Question
Since it is UDP and below 1024, how can I confirm it is blocked?
linux networking firewall
edited 16 mins ago
200_success
asked 5 hours ago
Sandra
3 Answers
accepted
You can use a tool like netcat (on the server `echo test | nc -u <other IP> 67` and on another machine `nc -u -l -p 67`, or use Wireshark or similar) and see if the message pops up.
answered 4 hours ago
user
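The netcat check from the answer above, as an added example that is not part of the original answer: a Python sender that classifies what happens to a single UDP datagram, since UDP gives no handshake to observe. `probe_udp` and `start_echo_listener` are hypothetical names, and the EPERM mapping assumes Linux netfilter behaviour for packets dropped in the OUTPUT chain.

```python
import socket
import threading

def probe_udp(host, port, payload=b"test", timeout=1.0):
    """Send one datagram to host:port and classify the outcome.

    "blocked-locally": send() failed with EPERM/EACCES, which is what Linux
                       typically returns when an OUTPUT rule drops the packet
    "closed":          ICMP port unreachable came back; nothing is listening
    "reply":           a listener answered, so the path is open
    "no-reply":        silence; dropped on the way or a listener that stays quiet
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach us
        try:
            s.send(payload)      # sending TO port 67 needs no root
            s.recv(1024)
            return "reply"
        except PermissionError:
            return "blocked-locally"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "no-reply"

def start_echo_listener(host="127.0.0.1"):
    """Constructed stand-in for the second machine: echoes one datagram.
    Binds a free high port; listening on 67 itself would require root."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    srv.settimeout(3.0)
    port = srv.getsockname()[1]

    def serve():
        try:
            data, peer = srv.recvfrom(1024)
            srv.sendto(data, peer)
        except OSError:          # timeout or socket error: just stop
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    import sys
    print(probe_udp(sys.argv[1], int(sys.argv[2])))
```

A "no-reply" result alone does not prove a block, so confirm it with the listener or a packet capture on the other machine. Probing a second port as well shows whether the rule set treats port 67 differently from other traffic.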
> Port 67 UDP is the port a DHCP server uses, so I would like to verify
> that the port is indeed closed before I start the dhcp server, so I
> can experiment with it in a sandbox.
A test DHCP server should be isolated in a VLAN or configured with split scopes that don't overlap existing DHCP ranges. If test and production are in the same broadcast domain, either may get the broadcast which may cause unexpected behavior. See: 2 DHCP servers on one network
Also, you can limit the interfaces dhcpd is listening on to this sandbox net. Without relay agents, it won't see DHCPDISCOVER messages on other nets.
answered 4 hours ago
John Mahowald
I'm pretty sure you could use Nmap's UDP port scan to specify the protocol and port. The syntax is as follows:
$ sudo nmap -sU -p port target
answered 5 hours ago
OHackerDoAmor