Re: connection state tracking with DNS [was Primary DNS...]




On 04/14/2017 06:54 PM, Gordon Messmer wrote:
On 04/11/2017 04:16 PM, Alice Wonder wrote:
Hi, I would like to see this addressed.
Is there a firewalld solution to this issue?


Yes:

# Disable connection tracking for UDP DNS traffic
#
# https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --sport 53 -j CT --notrack
firewall-cmd --reload



Thank you!


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
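An added audit script, not part of the thread above and not from the CentOS or firewalld projects: it takes the output of `firewall-cmd --permanent --direct --get-all-rules` (one rule per line, in the same form the reply's `--add-rule` arguments use) and reports which of the six notrack rules from Gordon's reply are missing. The sample rule listing at the bottom is constructed for the demonstration; the function and variable names are the script's own.

```shell
#!/bin/sh
# Audit helper (added example, not from the list thread): check that the six
# DNS notrack direct rules from the reply are all present in firewalld's
# permanent direct-rule set.
#
# Live use:  missing_dns_notrack_rules "$(firewall-cmd --permanent --direct --get-all-rules)"
# That firewall-cmd option prints one rule per line, e.g.
#   ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack

# The rules the reply installs, in --get-all-rules form (no firewall-cmd prefix).
# Note they are ipv4 only; an ipv6 resolver needs the same set with "ipv6".
required_dns_notrack_rules() {
    cat <<'EOF'
ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
ipv4 filter FORWARD 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack
ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack
ipv4 raw OUTPUT 100 -p udp -m udp --sport 53 -j CT --notrack
EOF
}

# missing_dns_notrack_rules RULES_TEXT
# RULES_TEXT is the multi-line output of --get-all-rules. Whitespace is
# normalised so that re-spaced rules still match. Prints each required rule
# that is absent; returns 0 when the set is complete, 1 otherwise.
missing_dns_notrack_rules() {
    have=$(printf '%s\n' "$1" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
    missing=$(required_dns_notrack_rules | while IFS= read -r rule; do
        printf '%s\n' "$have" | grep -qxF -- "$rule" || printf '%s\n' "$rule"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample listing: a host where the FORWARD accept rule and the
# OUTPUT --sport 53 notrack rule were never added.
SAMPLE_RULES='ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
ipv4 raw PREROUTING 100 -p udp -m udp  --sport 53 -j CT --notrack
ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack'

echo "Missing DNS notrack rules in the constructed sample:"
missing_dns_notrack_rules "$SAMPLE_RULES" || echo "(audit failed: rules above are absent)"
```

The two `--ctstate UNTRACKED -j ACCEPT` rules matter as much as the four `CT --notrack` rules: once DNS packets bypass conntrack they no longer match `ESTABLISHED,RELATED`, so a stateful INPUT or FORWARD policy would drop the replies unless untracked packets are accepted explicitly. Checking all six together avoids finding that out at 3 a.m.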


