Re: I submit you my rules, to have your opinions.

On Friday 12 March 2004 2:16 pm, Rakotomandimby Mihamina wrote:

> Antony Stone wrote:
> >>I made several searches over the internet to build my firewall rules.
> >>Here they are :
> >>http://stko.dyndns.info/scripts/ipt
> >
> > I really think you should restrict the rules:
>
> I did as you say, but I don't know the destination and/or source port of
> the answer from the DNS.

DNS servers respond from source port 53. This is the same as all protocols - 
the response comes back from the same source port that you send the request 
to as a destination port - i.e. HTTP responses come from source port 80; SMTP 
responses come from source port 25, etc.

> OR is it just a "related to established" so that I don't have to care
> about the answer?

If all you want is to allow replies from your ISP's DNS servers in response to 
queries you sent out, then yes, those replies will be covered by the 
ESTABLISHED rule.

If you are running authoritative DNS for a zone and you need to allow external 
queries to your server then you need to allow NEW packets in to TCP & UDP 
destination ports 53 (however I do not think this is what you are doing).

Regards,

Antony.

-- 
Never write it in Perl if you can do it in Awk.
Never do it in Awk if sed can handle it.
Never use sed when tr can do the job.
Never invoke tr when cat is sufficient.
Avoid using cat whenever possible.

                                                     Please reply to the list;
                                                           please don't CC me.
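To make the two cases in Antony's answer concrete, here is an added example (not from the thread, nor from the linked script) that prints the iptables rules for each case instead of applying them. It assumes a stateful filter with connection tracking, an external interface named eth0 (overridable with the IFACE variable) and the 2004-era `-m state` match syntax. Note that the ESTABLISHED rule alone is what lets DNS replies (source port 53, back to the ephemeral port the query left from) through for a resolver; only an authoritative server needs NEW packets accepted on TCP and UDP destination port 53.

```shell
#!/bin/sh
# Added example: emit iptables rules for a host that only resolves names
# (case 1) or that also serves a zone authoritatively (case 2).
# Assumed values: external interface eth0, iptables binary on PATH.
# Review the output, then apply with:  sh dns_rules.sh resolver | sh
IFACE="${IFACE:-eth0}"      # assumed external interface name
IPT="${IPT:-iptables}"      # assumed iptables binary

# Stateful baseline: our own outbound queries go out as NEW, and the DNS
# answer (UDP from source port 53 to our ephemeral port) is matched as
# ESTABLISHED by conntrack, so no "allow source port 53" rule is needed.
base_rules() {
    echo "$IPT -A OUTPUT -o $IFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Only for an authoritative server: unsolicited (NEW) queries from the
# outside must be accepted on destination port 53, both UDP and TCP
# (TCP is used for large answers and zone transfers).
authoritative_rules() {
    echo "$IPT -A INPUT -i $IFACE -p udp --dport 53 -m state --state NEW -j ACCEPT"
    echo "$IPT -A INPUT -i $IFACE -p tcp --dport 53 -m state --state NEW -j ACCEPT"
}

# dns_rules MODE  -> prints the rule set for MODE (resolver|authoritative)
dns_rules() {
    case "$1" in
        resolver)      base_rules ;;
        authoritative) base_rules; authoritative_rules ;;
        *) echo "usage: dns_rules resolver|authoritative" >&2; return 1 ;;
    esac
}

# Sanity check for a review: how many rules open port 53 to NEW traffic?
# A resolver-only host should report 0, an authoritative one 2.
count_new_dns_accepts() {
    dns_rules "$1" | grep -c -- '--dport 53' || true
}

# Stand-alone usage: print the resolver rule set.
[ "$#" -gt 0 ] && dns_rules "$1"
```

Running `sh dns_rules.sh resolver` prints only the stateful baseline; `sh dns_rules.sh authoritative` adds the two port-53 accept rules. The count helper is the kind of check worth running before loading a generated rule set, so that a resolver accidentally configured as a server is caught in review rather than in production.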


