15 Jul
2008
15 Jul
'08
4:15 p.m.
I would like to block all DNS queries that come from one particular ip address. I used TCPdump to verify that the queries were in fact, coming from this IP:
[scarolan@server:~]$ sudo tcpdump -n udp port 53 and src 10.100.1.1 tcpdump: listening on eth0 11:12:17.162100 10.100.1.1.19233 > 10.100.1.61.domain: 14270+ A? server.domain.com. (32) (DF)
Could someone help with the proper syntax for an IPtables rule to block port 53 udp traffic from this IP? I tried this rule but it doesn't work:
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT