UDP Protocols
SunScreen EFS 3.0 contains several state engines to handle UDP protocols. They are:
-
udp--Stateful UDP packet filtering. Allows a single request-and-response exchange between Source and Destination. State entries are timed out in 20 seconds if no response is received.
-
udpall--This state engine is identical to udp, but has a lower precedence. (For an explanation of precedence, see Appendix C of this SunScreen EFS 3.0 Reference Manual.) It is useful for avoiding conflicts while defining service groups containing many services.
-
udp_datagram--This engine passes UDP packets in one direction; from Source to Destination. You can specify that broadcast packets should be passed.
-
udp_stateless--This state engine allows UDP packets to be sent between Source and Destination. The field UDP Port(s) specifies the list of destination UDP ports that are allowed. The source UDP port must be a unreserved port. Note that this is a two-way exchange of UDP packets. Because some services use unreserved port numbers, use of this state engine can open up security holes. We do not recommend its use.
With all of the UDP engines, you define a new service entry specifying the well-known destination, UDP port. Specifying port "*" passes all UDP traffic.
- © 2010, Oracle Corporation and/or its affiliates