I'm attempting to block access to port 53 from internet hosts for an internal server. This device is behind a gateway router, so all traffic appears to come from source IP 10.100.1.1. Here are my (non-working) iptables rules:
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT
Further down the ruleset I have these rules to allow traffic from everyone else. If these rules are removed then nobody can make queries, because of the final default REJECT rule.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
I have used tcpdump and confirmed that packets are in fact still coming across from internet hosts. What am I doing wrong?
[scarolan@host:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain: 62011+ A? server.domain.com. (32) (DF)