On Tue, Jul 15, 2008 at 1:43 PM, nate <centos@xxxxxxxxxxxxxxxx> wrote:
> Sean Carolan wrote:
>
>> I do have a rule for blocking TCP, forgot to mention that. You can
>> see from my tcpdump output above that the inbound packet is UDP
>> though. I wonder why iptables doesn't block it even with this rule?
>
> Try to insert the rule (-I) instead of append (-A). I recall encountering
> weirdness between using the two different methods for adding a rule.
> I don't know why, but it seems to make a difference in some cases.
> The man page doesn't make it clear to me what the difference is and why
> it (might) cause a change of behavior.

I might try this on a dev box, but I'm actually happy with the new DROP
rule. It may be better just to drop the traffic and not let the world know
a DNS server even exists at this address.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
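The -I versus -A difference nate mentions comes down to chain order: iptables walks a chain top-down and the first matching terminal target (ACCEPT, DROP, REJECT) decides the packet. -A appends the new rule at the end of the chain, so any earlier rule that already accepts UDP/53 shadows it; -I puts the rule at position 1 (unless a number is given), so it is consulted before everything else. The script below is an added illustration, not code from the thread or from CentOS: it models a constructed INPUT chain as a plain-text rule table with first-match semantics and shows that the same DROP rule is dead when appended behind an ACCEPT and effective when inserted ahead of it. The rule table format and the first_match helper are assumptions made for the example; the iptables commands in the comments are the real ones.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): why the same DROP rule
# behaves differently when added with "iptables -A" (append) versus
# "iptables -I" (insert).  The chain is evaluated top-down and the first
# matching terminal target wins, so position is everything.
#
# Constructed rule tables, one rule per line in chain order:
#   "<proto> <dport> <target>", where "any" matches everything.

# What "iptables -L INPUT -n --line-numbers" would show after:
#   iptables -A INPUT -p udp --dport 53 -j ACCEPT   (already present)
#   iptables -A INPUT -p udp --dport 53 -j DROP     (appended, position 2)
CHAIN_APPENDED='udp 53 ACCEPT
udp 53 DROP'

# Same starting chain, but the DROP added with -I lands at position 1:
#   iptables -A INPUT -p udp --dport 53 -j ACCEPT   (already present)
#   iptables -I INPUT -p udp --dport 53 -j DROP     (inserted, position 1)
CHAIN_INSERTED='udp 53 DROP
udp 53 ACCEPT'

# first_match CHAIN PROTO DPORT
# Prints the target of the first rule matching PROTO/DPORT, or the chain's
# default policy (assumed ACCEPT here) when no rule matches.
first_match() {
    chain=$1
    proto=$2
    dport=$3
    verdict=$(printf '%s\n' "$chain" | while read -r rproto rport rtarget; do
        [ -z "$rtarget" ] && continue
        if { [ "$rproto" = any ] || [ "$rproto" = "$proto" ]; } &&
           { [ "$rport" = any ] || [ "$rport" = "$dport" ]; }; then
            echo "$rtarget"   # first hit decides; later rules are never seen
            break
        fi
    done)
    echo "${verdict:-ACCEPT}"
}

# Stand-alone demonstration: the appended DROP is shadowed, the inserted
# DROP is not.  Expected: "appended: ACCEPT" then "inserted: DROP".
echo "appended: $(first_match "$CHAIN_APPENDED" udp 53)"
echo "inserted: $(first_match "$CHAIN_INSERTED" udp 53)"
```

On a real box the equivalent check is `iptables -L INPUT -n -v --line-numbers`: if the DROP for UDP/53 sits below an ACCEPT (or a broad state/related rule) that already matches the packet, its packet counter stays at zero no matter how it was added. Note also that the choice of DROP over REJECT, which Sean settles on, changes what the sender sees: DROP leaves the client to time out, whereas REJECT for UDP answers by default with an ICMP port-unreachable, which confirms that a host is listening on the address.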