[CentOS] Help with iptables rule for blocking UDP port 53

Sean Carolan scarolan at gmail.com
Tue Jul 15 17:15:00 UTC 2008

> I do have a rule for blocking TCP, forgot to mention that.  You can
> see from my tcpdump output above that the inbound packet is UDP
> though.  I wonder why iptables doesn't block it even with this rule?

The really strange part about this is, if I remove the ACCEPT rules
that are further down in my iptables config, NO dns traffic gets
through at all, due to the final REJECT rule:

ACCEPT     tcp  --  anywhere             anywhere           tcp
dpt:domain state NEW
ACCEPT     udp  --  anywhere             anywhere           udp
dpt:domain state NEW
REJECT     all  --  anywhere             anywhere
reject-with icmp-host-prohibited

So iptables does seem to be able to properly recognize udp port 53
traffic, it's just not filtering correctly against the source IP

More information about the CentOS mailing list