Re: Iptables not blocking UDP port 53




Sean Carolan wrote:
I'm attempting to block access to port 53 from internet hosts for an
internal server.  This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1.  Here are my
(non-working) iptables rules:

-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT

Further down the ruleset I have these rules to allow traffic from
everyone else.  If these rules are removed then nobody can make
queries, because of the final default REJECT rule.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I have used tcpdump and confirmed that packets are in fact still
coming across from internet hosts.  What am I doing wrong?

[scarolan@host:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain:  62011+ A? server.domain.com. (32) (DF)

Are you running tcpdump on the same machine that is doing the filtering?
You do realize that tcpdump sees the packets as they come from the
interface and before they are passed to the filter rules, right?

Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
your REJECT rules being hit?

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.
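An added helper, not from the thread, that does the counter check suggested above: it reads "iptables -vnL <chain>" output on stdin and reports whether the port-53 REJECT rules for the gateway address have actually matched anything. The function names and the sample counter listings are constructed for this illustration; the format mirrors what iptables prints.

```shell
#!/bin/sh
# Hypothetical helper (not from the thread): read "iptables -vnL <chain>"
# output on stdin and print the packet counters of every REJECT rule for
# port 53 from the given source. Counters are bumped when a rule matches,
# which tcpdump cannot show because it captures before netfilter runs.
#
# Real use:  iptables -vnL RH-Firewall-1-INPUT | dns_reject_hit 10.100.1.1
# Exit status 0 = every such REJECT rule has a non-zero packet counter.
dns_reject_hit() {
    src="$1"
    # -vnL columns: pkts bytes target prot opt in out source destination ...
    awk -v src="$src" '
        NR <= 2 { next }                      # chain header and column titles
        $3 == "REJECT" && $8 == src && /dpt:53( |$)/ {
            found++
            printf "%s port 53 from %s: %s packets\n", $4, $8, $1
            if ($1 == "0") zero++
        }
        END { exit ((found == 0 || zero > 0) ? 1 : 0) }
    '
}

# Constructed sample in -vnL format: the rule order from the question,
# with the REJECT rules being matched (non-zero pkts).
sample_hit() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   768 REJECT     tcp  --  *      *       10.100.1.1           0.0.0.0/0            tcp dpt:53 reject-with icmp-port-unreachable
   40  2880 REJECT     udp  --  *      *       10.100.1.1           0.0.0.0/0            udp dpt:53 reject-with icmp-port-unreachable
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
    7   504 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
EOF
}

# Same chain with the REJECT counters still at zero: the packets seen by
# tcpdump are not reaching those rules.
sample_miss() {
    sample_hit | awk 'NR > 2 && $3 == "REJECT" { $1 = "0"; $2 = "0" } { print }'
}

# Demo on the constructed sample; replace sample_hit with the real
# "iptables -vnL RH-Firewall-1-INPUT" on the filtering host.
if sample_hit | dns_reject_hit 10.100.1.1; then
    echo "REJECT rules for 10.100.1.1 are matching"
else
    echo "REJECT rules are not being hit; check rule order and the chain jump"
fi
```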

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
