RE: Blocking access to UDP port 53 (DNS) - Solution


OK,
I got it. Here is the rule set I tried and had success with (b.t.w. the DNS server is firewalled but is a standalone machine, no forwarding).

The answer was to reference DNS requests for port 25 only.
iptables -A INPUT --protocol udp --source-port 25 -s 63.143.210.0/24 -j LOG --log-prefix "XXX LOCAL UDP DNS XXX "
iptables -A INPUT --protocol udp --source-port 25 -s 63.143.210.0/24 -j ACCEPT
iptables -A INPUT --protocol udp --source-port 25 -j LOG --log-prefix "XXX EXTERNAL UDP LOG XXX "
iptables -A INPUT --protocol udp --source-port 25 -j ACCEPT
iptables -A INPUT -p udp -j LOG --log-prefix "XXX UDP DROP XXX "
iptables -A INPUT -p udp -j DROP

Also, I will drop the 25 sport reference on the internal side, along with the logging, as a final solution.


Len Laulainen
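To see which of the six INPUT rules above a given datagram hits, here is an added simulation of the chain (not part of the original post): it models iptables first-match traversal, where LOG is non-terminating and ACCEPT/DROP end the walk. The rule order, ports, network and log prefixes are taken from the post; the packet values and the ACCEPT default policy are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    proto: Optional[str]        # "udp" or None for any protocol
    sport: Optional[int]        # --source-port, or None for any
    src: Optional[str]          # -s CIDR, or None for any source
    target: str                 # "ACCEPT", "DROP" or "LOG"
    log_prefix: str = ""        # --log-prefix (LOG target only)

# The six INPUT rules from the post, in the order they were appended.
INPUT_CHAIN = [
    Rule("udp", 25, "63.143.210.0/24", "LOG", "XXX LOCAL UDP DNS XXX "),
    Rule("udp", 25, "63.143.210.0/24", "ACCEPT"),
    Rule("udp", 25, None, "LOG", "XXX EXTERNAL UDP LOG XXX "),
    Rule("udp", 25, None, "ACCEPT"),
    Rule("udp", None, None, "LOG", "XXX UDP DROP XXX "),
    Rule("udp", None, None, "DROP"),
]

def matches(rule: Rule, pkt: dict) -> bool:
    """Every specified match (protocol, source port, source network) must hold."""
    if rule.proto is not None and pkt["proto"] != rule.proto:
        return False
    if rule.sport is not None and pkt["sport"] != rule.sport:
        return False
    if rule.src is not None:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
            return False
    return True

def walk_chain(chain: List[Rule], pkt: dict, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    """Return (verdict, kernel-style log lines). LOG records and continues;
    ACCEPT/DROP terminate; a packet matching nothing gets the chain policy."""
    logs: List[str] = []
    for rule in chain:
        if not matches(rule, pkt):
            continue
        if rule.target == "LOG":
            logs.append(f"{rule.log_prefix}SRC={pkt['src']} PROTO={pkt['proto'].upper()} "
                        f"SPT={pkt['sport']} DPT={pkt['dport']}")
            continue
        return rule.target, logs
    return policy, logs

if __name__ == "__main__":
    # Constructed sample datagrams; the second source address is documentation space.
    for p in ({"proto": "udp", "src": "63.143.210.7", "sport": 25, "dport": 53},
              {"proto": "udp", "src": "198.51.100.9", "sport": 25, "dport": 53},
              {"proto": "udp", "src": "63.143.210.7", "sport": 53, "dport": 1025}):
        print(p["src"], p["sport"], "->", walk_chain(INPUT_CHAIN, p))
```

Note that the chain only ever inspects UDP, so TCP falls through to the policy untouched, and any UDP datagram whose source port is not 25 (including one coming from source port 53) reaches the final LOG/DROP pair.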



