[CentOS] Re: Iptables not blocking UDP port 53
rnicholsNOSPAM at comcast.net
Fri Jul 11 04:05:04 UTC 2008
Sean Carolan wrote:
>> Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
>> your REJECT rules being hit?
> Yes, the rule gets hit and it returns an answer to the DNS query
> anyway. I saw it increment from 10 to 11 when I ran the query:
> 11 692 REJECT udp -- * * 10.100.1.1
> 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
I seriously doubt that the response came from this machine since
the packet that hit that rule died right there. Does the machine
that sent the request have a secondary DNS server configured?
The REJECT response would have resulted in an immediate query to
the next server.
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the CentOS