[CentOS] Iptables not blocking UDP port 53
Sean Carolan
scarolan at gmail.com
Thu Jul 10 19:51:35 UTC 2008
- Previous message: [CentOS] redirecting when behind a firewall
- Next message: [CentOS] Re: Iptables not blocking UDP port 53
I'm attempting to block access to port 53 from internet hosts for an internal server. This device is behind a gateway router so all traffic appears to come from source IP 10.100.1.1. Here are my (non-working) iptables rules:

-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT

Further down the ruleset I have these rules to allow traffic from everyone else. If these rules are removed then nobody can make queries, because of the final default REJECT rule.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I have used tcpdump and confirmed that packets are in fact still coming across from internet hosts. What am I doing wrong?

[scarolan at host:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain: 62011+ A? server.domain.com. (32) (DF)
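The post above turns on rule ordering in the RH-Firewall-1-INPUT chain: iptables evaluates a chain top to bottom and the first matching rule's target decides the packet. The following is an added example, not code from the poster or from CentOS: a small first-match evaluator in Python fed with the four rules quoted in the post. The chain's final default REJECT is assumed to be `-j REJECT --reject-with icmp-host-prohibited` (the post only says it exists), the client address 192.0.2.10 is constructed, and the conntrack state of each sample packet is supplied by hand rather than read from the kernel.

```python
"""First-match evaluator for an iptables-save style chain (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed ruleset: the four rules quoted in the post, plus the chain's
# final default REJECT the post mentions (its exact form is assumed here).
RULESET = """\
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""


@dataclass
class Rule:
    chain: str
    target: str
    src: Optional[ipaddress.IPv4Network] = None  # -s, as a network (host = /32)
    proto: Optional[str] = None                  # -p
    dport: Optional[int] = None                  # --dport
    states: Optional[Set[str]] = None            # -m state --state A,B


@dataclass
class Packet:
    src: str
    proto: str
    dport: int
    state: str = "NEW"  # conntrack state as '-m state' would see it (assumed input)


# Options that take one argument but carry no match criterion in this model:
# '-m' only names the extension whose options follow, '--reject-with' shapes the reply.
_IGNORED_WITH_ARG = {"-m", "--reject-with"}


def parse_rule(line: str) -> Rule:
    """Parse one '-A CHAIN ... -j TARGET' line into a Rule."""
    tokens = line.split()
    chain = target = ""
    src = proto = dport = states = None
    i = 0
    while i < len(tokens):
        if i + 1 >= len(tokens):
            raise ValueError(f"option {tokens[i]!r} lacks an argument in {line!r}")
        opt, arg = tokens[i], tokens[i + 1]
        if opt == "-A":
            chain = arg
        elif opt == "-s":
            src = ipaddress.ip_network(arg, strict=False)
        elif opt == "-p":
            proto = arg
        elif opt == "--dport":
            dport = int(arg)
        elif opt == "--state":
            states = set(arg.split(","))
        elif opt == "-j":
            target = arg
        elif opt not in _IGNORED_WITH_ARG:
            raise ValueError(f"unsupported option {opt!r} in {line!r}")
        i += 2
    if not chain or not target:
        raise ValueError(f"rule needs both -A and -j: {line!r}")
    return Rule(chain, target, src, proto, dport, states)


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion present on the rule must hold; absent ones match anything."""
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.states is not None and pkt.state not in rule.states:
        return False
    return True


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """Return (rule number, target) of the first matching rule, numbered as
    'iptables -L --line-numbers' would, or (0, 'POLICY') if nothing matched."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return number, rule.target
    return 0, "POLICY"


if __name__ == "__main__":
    rules = parse_ruleset(RULESET)
    samples = [
        Packet("10.100.1.1", "udp", 53),   # the gateway-forwarded DNS query from the post
        Packet("10.100.1.1", "tcp", 53),
        Packet("192.0.2.10", "udp", 53),   # constructed: a client not behind the gateway
        Packet("10.100.1.1", "udp", 123),  # not DNS: falls through to the catch-all
    ]
    for pkt in samples:
        number, target = first_match(rules, pkt)
        print(f"{pkt.src:>12} {pkt.proto}/{pkt.dport:<4} state={pkt.state}: rule {number} -> {target}")
```

Run as a script it shows that, with the rules in the order quoted, a UDP/53 packet from 10.100.1.1 hits rule 2 (REJECT) before it can reach the ACCEPT at rule 4. Whether the live chain really does that is a separate question: tcpdump attaches to the interface and captures inbound packets before netfilter's INPUT chain is consulted, so a packet showing up in tcpdump says nothing about the verdict iptables gave it. The packet and byte counters printed by `iptables -nvL RH-Firewall-1-INPUT` are the direct check: if the REJECT rule's counters stay at zero while queries keep arriving, the loaded ruleset does not match the one shown here.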