Nick Howden <n.howden@eris.qinetiq.com> writes:
> The firewall rules I have are:
> # Postgres Statistics Collector
> iptables -A INPUT -p udp \
> -i lo --sport 32779 --dport 32779 \
> -j ACCEPT
> iptables -A OUTPUT -p udp \
> -o lo --sport 32779 --dport 32779 \
> -j ACCEPT
> ###

Apparently somebody fired up postgres, noted the UDP port number it
happened to have bound to that particular time, and assumed that that
was the only possibility. This is not so. If I were you I'd just drop
the port-number constraints ... local loopback UDP traffic is not a
major source of security threats.

regards, tom lane
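
An audit helper for the advice above, added here as an example and not part of the original message: it reads rules in `iptables-save` format and prints a port-agnostic replacement for every loopback UDP ACCEPT rule that is pinned to a port. The function names and the sample ruleset are constructed; the first two sample rules mirror the ones quoted above.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format.
# The first two rules mirror the pinned-port rules quoted in the message.
sample_rules() {
cat <<'EOF'
-A INPUT -i lo -p udp -m udp --sport 32779 --dport 32779 -j ACCEPT
-A OUTPUT -o lo -p udp -m udp --sport 32779 --dport 32779 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 5432 -j ACCEPT
EOF
}

# Read iptables-save rules on stdin. For each loopback UDP ACCEPT rule that
# names a source or destination port, print the same rule without the port
# constraints. Rules on other interfaces or protocols are left alone, since
# the advice applies only to local loopback UDP traffic.
relax_loopback_udp() {
  awk '
  {
    lo = 0; udp = 0; accept = 0; pinned = 0; out = ""
    for (i = 1; i <= NF; i++) {
      if (($i == "-i" || $i == "-o") && $(i+1) == "lo") lo = 1
      if ($i == "-p" && $(i+1) == "udp") udp = 1
      if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
      # Drop the port option together with its value.
      if ($i == "--sport" || $i == "--dport") { pinned = 1; i++; continue }
      # The udp match module is only needed for the port options.
      if ($i == "-m" && $(i+1) == "udp") { i++; continue }
      out = out (out == "" ? "" : " ") $i
    }
    if (lo && udp && accept && pinned) print out
  }'
}

# Stand-alone run: show the replacements for the sample ruleset.
sample_rules | relax_loopback_udp
```

On a live host the input would come from `iptables-save` instead of `sample_rules`.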