Chain RH-Firewall-1-INPUT (2 references)
Ugh. I absolutely detest the tool behind this.
This is what I do.
Trusted interfaces like lo and networks go first and then packets belonging to established connections are shorted, which leaves connection requests to be branched out into tcp, udp and icmp chains. Further branching can then be done as desired. E.g., if you firewall a lot of spam sources, you could test for smtp packets going to port 25 and branch those out to another chain that deals solely with the spam sources and spare other connection requests from having to go through rules that they are definitely not going to match.
iptables -L -n
Chain INPUT (policy DROP)
target        prot opt source               destination
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT        all  --  10.9.0.0/17          0.0.0.0/0
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
tcp_packets   tcp  --  0.0.0.0/0            0.0.0.0/0
udp_packets   udp  --  0.0.0.0/0            0.0.0.0/0
icmp_packets  icmp --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target        prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination

Chain icmp_packets (1 references)
target        prot opt source               destination
ACCEPT        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 3
ACCEPT        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 11
ACCEPT        icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8

Chain tcp_packets (1 references)
target        prot opt source               destination
REJECT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113 reject-with tcp-reset
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:465 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:1194
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:110

Chain udp_packets (1 references)
target        prot opt source               destination
ACCEPT        udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
ACCEPT        udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:123
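As an added example (not code from the post above), a small Python checker that parses `iptables -L -n` output in the layout shown and verifies the design the post describes: INPUT policy DROP, the RELATED,ESTABLISHED accept placed before the jumps into the per-protocol chains, and every jump target actually defined. The sample listing is constructed from the post's rules (trimmed); without `-v`, `iptables -L -n` omits the interface match, so the lo rule shows up as a bare `ACCEPT all`.

```python
import re

# Constructed sample in `iptables -L -n` layout, modelled on the listing above.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  10.9.0.0/17          0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
udp_packets  udp  --  0.0.0.0/0            0.0.0.0/0
Chain tcp_packets (1 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113 reject-with tcp-reset
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
Chain udp_packets (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
"""

BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)$")

def parse(listing):
    # {chain: {"policy": str or None, "rules": [(target, proto, matches), ...]}}
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif line.strip() and current is not None and not line.startswith("target"):
            parts = line.split(None, 5)  # target prot opt source destination [matches]
            current["rules"].append((parts[0], parts[1], parts[5] if len(parts) > 5 else ""))
    return chains

def audit(chains):
    # Returns findings; an empty list means the layout matches the described design.
    findings = []
    inp = chains.get("INPUT", {"policy": None, "rules": []})
    if inp["policy"] != "DROP":
        findings.append("INPUT policy is %s, not DROP" % inp["policy"])
    est = [i for i, r in enumerate(inp["rules"]) if r[0] == "ACCEPT" and "ESTABLISHED" in r[2]]
    jumps = [i for i, r in enumerate(inp["rules"]) if r[0] not in BUILTIN_TARGETS]
    if not est:
        findings.append("INPUT has no ACCEPT for RELATED,ESTABLISHED")
    elif jumps and min(jumps) < est[0]:
        findings.append("protocol chains are consulted before established traffic is accepted")
    findings += ["%s jumps to undefined chain %s" % (c, t) for c, d in chains.items()
                 for t, _, _ in d["rules"] if t not in BUILTIN_TARGETS and t not in chains]
    return findings
```

Feed it the real output with `audit(parse(subprocess.check_output(["iptables", "-L", "-n"], text=True)))` to check a live box the same way.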