> Hi All
>
> I have a dns with a forwarder to my isp on the iptables
> box. I am having trouble on getting dns to work properly.
>
> When I comment:
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
>
> DNS will work fine and all the PCs can browse the net.
>
> I have tried the following without any luck:
>
> iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> what rule do I need to add to make things more secure to
> get my dns working properly, thanks?

# allow internal machines to contact the DNS server
iptables -A INPUT -p udp -i $INSIDE_IF -s $INSIDE_NET -d $INSIDE_IP --dport 53 -j ACCEPT

# allow established and related packets out
iptables -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Normally the "established" rule appears first in your chains, if you are using connection tracking.
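The two rules in the reply address the two gaps in the poster's attempt: with INPUT policy DROP and no rule for port 53 from the LAN, the clients' queries never reach the forwarding resolver, and with OUTPUT policy DROP and no ESTABLISHED,RELATED rule on OUTPUT, the resolver's answers back to the LAN are dropped. The script below is an added example, not the poster's or the replier's own ruleset; it assembles the DNS-related part of a DROP-policy firewall for a box that runs a forwarding resolver, with the connection-tracking rules placed first in each chain as the reply recommends, TCP 53 allowed alongside UDP (needed for responses too large for UDP), and the box's own outbound queries restricted to the ISP forwarder. The interface names, LAN addresses and forwarder address (INSIDE_IF, OUTSIDE_IF, INSIDE_NET, INSIDE_IP, FORWARDER) are assumptions; FORWARD-chain rules for the PCs' web browsing are outside its scope.

```shell
#!/bin/sh
# Added example (not the original poster's or replier's rules): DNS-related
# part of a DROP-policy ruleset for a firewall box running a forwarding
# resolver for the LAN. Every value below is an assumption; set the
# environment variables to match your network before applying.
#
# Usage:  ./dns-rules.sh show    # print the iptables commands
#         ./dns-rules.sh apply   # run them (as root)

INSIDE_IF=${INSIDE_IF:-eth1}               # assumption: LAN-facing interface
OUTSIDE_IF=${OUTSIDE_IF:-eth0}             # assumption: ISP-facing interface
INSIDE_NET=${INSIDE_NET:-192.168.1.0/24}   # assumption: LAN network
INSIDE_IP=${INSIDE_IP:-192.168.1.1}        # assumption: the box's LAN address
FORWARDER=${FORWARDER:-203.0.113.53}       # assumption: ISP resolver (TEST-NET-3 doc address)

# Emit one iptables argument list per line. Order is significant: the
# conntrack rules come first so reply traffic is accepted before any of the
# protocol-specific rules are consulted. Comment lines are skipped by run_rules.
dns_rules() {
    cat <<EOF
# start from empty INPUT/OUTPUT chains so the script is repeatable
-F INPUT
-F OUTPUT
# default deny in both directions
-P INPUT DROP
-P OUTPUT DROP
# connection tracking first: replies to anything accepted below pass here
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback, so the box's own stub resolver can reach the local daemon
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# LAN clients may send new DNS queries (UDP and TCP) to the box's LAN address only
-A INPUT -i $INSIDE_IF -s $INSIDE_NET -d $INSIDE_IP -p udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i $INSIDE_IF -s $INSIDE_NET -d $INSIDE_IP -p tcp --dport 53 -m state --state NEW -j ACCEPT
# the resolver may open new queries out the ISP interface, to the forwarder only
-A OUTPUT -o $OUTSIDE_IF -d $FORWARDER -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $OUTSIDE_IF -d $FORWARDER -p tcp --dport 53 -m state --state NEW -j ACCEPT
EOF
}

# run_rules show|apply: print each command, or execute it and stop on the
# first failure so a half-applied ruleset is noticed immediately.
run_rules() {
    mode=$1
    while IFS= read -r rule; do
        case "$rule" in ''|'#'*) continue ;; esac
        if [ "$mode" = show ]; then
            printf 'iptables %s\n' "$rule"
        else
            # $rule is left unquoted on purpose so it splits into arguments
            iptables $rule || return 1
        fi
    done <<EOF
$(dns_rules)
EOF
}

case "${1:-}" in
    show)  run_rules show ;;
    apply) run_rules apply ;;
esac
```

Run it with `show` first and compare the printed commands against the reply's two rules: the INPUT rule from the LAN to port 53 and the OUTPUT ESTABLISHED,RELATED rule are exactly the lines the poster was missing, and the rest only narrows where the box itself may talk to.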