[CentOS] Iptables not blocking UDP port 53

Rob Townley rob.townley at gmail.com
Sat Jul 12 02:49:07 UTC 2008

On Fri, Jul 11, 2008 at 7:03 PM, Johnny Hughes <jhughes at hughesjr.com> wrote:
> Sean Carolan wrote:
>> I'm attempting to block access to port 53 from internet hosts for an
>> internal server.  This device is behind a gateway router so all
>> traffic appears to come from source ip  Here are my
>> (non-working) iptables rules:
> If it is behind a gateway router, how is port 53 traffic getting from the
> internet to that DNS server in the first place?
> Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS
> server, then the SOURCE IP will not be the IP of the forwarding device, but
> the IP of the machine making the request.
> If this device is really behind a firewall why are you even forwarding any
> traffic to it from port 53 in the first place?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Assuming a SOHO LinkSys firewall, preferably with dd-wrt alternative firmware.
Are you sure this DNS Server is not in the DMZ?
Are you sure the port isn't opened under the UPnP section? It is
conceivable that mDNS / AVAHI with a UPnP router automatically open
this port on the firewall.
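The thread's two practical points are that a port-forwarded packet keeps the Internet client's source address (so a rule keyed on the gateway's IP never matches) and that you need to confirm the filter is really being hit. The script below is an added example and is not code from anyone in this thread: it prints a rule set that keys port 53 on the whole LAN subnet rather than on one gateway address, and it reads `iptables -nvL INPUT` counters to show which port-53 rule is actually matching. The LAN subnet `192.168.1.0/24` and the counter listing are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumptions (constructed):
# the LAN is 192.168.1.0/24, the DNS daemon listens on UDP and TCP 53, and
# iptables is the netfilter front end in use on the CentOS box.

LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"

# Print the rules that restrict port 53 to the LAN subnet. Matching on the
# subnet instead of the gateway's address works whether or not the router
# rewrites the source: a forwarded Internet query arrives with its public
# source IP, misses the ACCEPT rules and lands on the DROP rules.
dns_rules() {
  cat <<EOF
iptables -A INPUT -p udp --dport 53 -s $LAN_CIDR -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -s $LAN_CIDR -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j DROP
iptables -A INPUT -p tcp --dport 53 -j DROP
EOF
}

# Read "iptables -nvL INPUT" output on stdin and print "<target> <pkts>" for
# each port-53 rule. Column 1 is the packet counter, column 3 the target.
# A DROP rule stuck at 0 while an earlier ACCEPT keeps counting means an
# earlier or broader rule is catching the traffic first.
dns_rule_hits() {
  awk '$NF == "dpt:53" { print $3, $1 }'
}

# Sum the packets hitting the port-53 DROP rules; a non-zero total shows the
# filter is taking effect for traffic from outside the LAN.
dns_drop_count() {
  dns_rule_hits | awk '$1 == "DROP" { n += $2 } END { print n + 0 }'
}

# Constructed sample of "iptables -nvL INPUT" output for the offline demo.
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  812 61234 ACCEPT     udp  --  *      *       192.168.1.0/24       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:53
   37  2590 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53'

# Usage: "sh dns53.sh demo" prints the rules and the dropped-packet total
# for the sample listing. On a live host, pipe real output instead:
#   iptables -nvL INPUT | dns_rule_hits
if [ "${1:-}" = "demo" ]; then
  dns_rules
  printf '%s\n' "$SAMPLE_COUNTERS" | dns_rule_hits
  printf '%s\n' "$SAMPLE_COUNTERS" | dns_drop_count
fi
```

The rules only print; review them and run them (or drop them into the CentOS `iptables` service configuration) once you have confirmed the subnet. If the DROP counters stay at zero while queries from the Internet still get answered, the traffic is not reaching this chain at all, which points back to the DMZ or UPnP forwarding questions raised above.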
