On Thursday 10 October 2002 3:17 am, David F. Strauch wrote:

> I've just started writing the script to allow DNS Lookups as a client with
> the following:
>
> iptables -A OUTPUT -o $INTERNET -p udp \
> -s $IPADDR --sport $UNPRIVPORTS \
> -d $NAMESERVER --dport 53 -j ACCEPT

Why are you specifying Source Address and Port on an OUTPUT rule?

> iptables -A INPUT -i $INTERNET -p udp \
> -s $NAMESERVER --sport 53 \
> -d $IPADDR --dport $UNPRIVPORTS -j ACCEPT

Is it really necessary to specify Destination Address and Port on an INPUT rule?
How many addresses do you have on your interface, and why would you only want
some of them to receive DNS replies?

> When I execute the script with sh /etc/rc.d/rc.firewalls I receive Bad
> argument `53' for every instance of either --dport 53 or --sport 53. I've
> also tried --destination-port and --source-port without any success.

Check what the earlier variables in the command contain. I think you'll
probably find one (or more) of them is empty.

Antony.

-- 
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.
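The diagnosis above (an empty variable shifting the iptables argument list) can be made visible without touching a live firewall. The script below is an added example, not from either poster: it uses the variable names from the quoted rule, fills them with constructed sample values, prints the argument vector that an unquoted expansion hands to iptables, and adds a guard that refuses to run when any required variable is empty. Blanking NAMESERVER turns `-d $NAMESERVER --dport 53` into `-d --dport 53`, so `--dport` would be swallowed as the address for `-d` and `53` left over as a stray word, the kind of argument iptables rejects.

```shell
#!/bin/sh
# Added example (not part of the original thread).
# Variable names follow the quoted script; the values below are constructed.

# Print the argv the shell would hand to iptables for the OUTPUT rule,
# one argument per line. Variables are left unquoted on purpose, exactly
# as in the quoted script, so an empty one simply vanishes from the list.
dns_output_argv() {
    # shellcheck disable=SC2086
    set -- -A OUTPUT -o $INTERNET -p udp \
           -s $IPADDR --sport $UNPRIVPORTS \
           -d $NAMESERVER --dport 53 -j ACCEPT
    printf '%s\n' "$@"
}

# Number of arguments in that rule; 16 when every variable is set.
dns_output_argc() {
    dns_output_argv | wc -l | tr -d ' '
}

# Guard to run before any iptables call: returns 1 and names the first
# empty (or unset) variable, so the script fails loudly instead of
# feeding a shifted argument list to iptables.
require_vars() {
    for name in "$@"; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "error: \$$name is empty; refusing to build iptables rules" >&2
            return 1
        fi
    done
    return 0
}

# Demonstration with constructed values (RFC 5737 documentation addresses).
INTERNET=eth0
IPADDR=192.0.2.10
UNPRIVPORTS=1024:65535
NAMESERVER=192.0.2.53

echo "--- all variables set ($(dns_output_argc) args) ---"
dns_output_argv

NAMESERVER=
echo "--- NAMESERVER empty ($(dns_output_argc) args): -d now eats --dport ---"
dns_output_argv
if ! require_vars INTERNET IPADDR UNPRIVPORTS NAMESERVER; then
    echo "guard stopped the script, as intended"
fi
```

Running the guard once at the top of rc.firewalls (or starting the script with `set -u`, which aborts on any unset variable) turns a cryptic `Bad argument` from iptables into a message that names the offending variable.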