On 04/14/2017 06:54 PM, Gordon Messmer wrote:
On 04/11/2017 04:16 PM, Alice Wonder wrote:
Hi, I would like to see this addressed.
Is there a firewalld solution to this issue?
Yes:
# Disable connection tracking for UDP DNS traffic
#
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m
conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -m
conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p
udp -m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p
udp -m udp --sport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp
-m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp
-m udp --sport 53 -j CT --notrack
firewall-cmd --reload
Thank you!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos