Re: Help with iptables rule for blocking UDP port 53

> I do have a rule for blocking TCP, forgot to mention that.  You can
> see from my tcpdump output above that the inbound packet is UDP
> though.  I wonder why iptables doesn't block it even with this rule?

The really strange part about this is, if I remove the ACCEPT rules
that are further down in my iptables config, NO dns traffic gets
through at all, due to the final REJECT rule:

ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain state NEW
ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain state NEW
...
...
REJECT     all  --  anywhere             anywhere           reject-with icmp-host-prohibited

So iptables does seem to be able to properly recognize udp port 53
traffic, it's just not filtering correctly against the source IP
address.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
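Added example, not code from the list post: iptables walks a chain top to bottom and stops at the first matching terminating rule, so a source-specific DROP placed below a broad `ACCEPT ... udp dpt:domain` like the one listed above can never fire. This script parses a constructed `iptables -L INPUT -n --line-numbers` listing (hypothetical rules, documentation addresses) and reports which rule a packet hits first and which rules are shadowed.

```python
# Added example (not from the list post): audit an iptables listing under first-match semantics.
import ipaddress
import re

# Constructed listing shaped like `iptables -L INPUT -n --line-numbers`; rules are hypothetical.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
3    DROP       udp  --  198.51.100.7         0.0.0.0/0            udp dpt:53
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s*(.*)$")
ANY = ("0.0.0.0/0", "anywhere")  # how -n and plain -L print an unrestricted source

def parse_rules(listing):
    """Parse the numbered rule lines; chain and column headers are skipped."""
    rules = []
    for m in filter(None, map(RULE_RE.match, listing.splitlines())):
        num, target, proto, src, extra = m.groups()
        dpt = re.search(r"dpt:(\d+)", extra)
        state = re.search(r"state (\S+)", extra)
        rules.append({"num": int(num), "target": target, "proto": proto, "src": src,
                      "dport": int(dpt.group(1)) if dpt else None,
                      "states": set(state.group(1).split(",")) if state else None})
    return rules

def rule_matches(rule, src_ip, proto, dport, state="NEW"):
    """True when every match field of the rule applies to the described packet."""
    if rule["proto"] not in ("all", proto) or rule["dport"] not in (None, dport):
        return False
    if rule["src"] not in ANY and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["src"], strict=False):
        return False
    return rule["states"] is None or state in rule["states"]

def first_match(rules, src_ip, proto, dport):
    """The rule that terminates evaluation (first match wins); None means the chain policy applies."""
    return next((r for r in rules if rule_matches(r, src_ip, proto, dport)), None)

def shadowed(rules):
    """(rule number, shadowing rule number) for source-specific rules that can never be reached."""
    found = []
    for rule in rules:
        if rule["src"] in ANY or rule["proto"] == "all" or rule["dport"] is None:
            continue
        probe = str(ipaddress.ip_network(rule["src"], strict=False)[0])  # an address the rule covers
        hit = first_match(rules, probe, rule["proto"], rule["dport"])
        if hit is not None and hit["num"] != rule["num"]:
            found.append((rule["num"], hit["num"]))
    return found
```

A shadowed rule is fixed by moving it above the broad ACCEPT (for example with `iptables -I INPUT <num>` instead of `-A`), after which `shadowed()` returns an empty list for the new listing.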
