[CentOS] Help with iptables rule for blocking UDP port 53
Sean Carolan
scarolan at gmail.com
Tue Jul 15 17:15:00 UTC 2008
> I do have a rule for blocking TCP, forgot to mention that. You can
> see from my tcpdump output above that the inbound packet is UDP
> though. I wonder why iptables doesn't block it even with this rule?
The really strange part about this is, if I remove the ACCEPT rules
that are further down in my iptables config, NO dns traffic gets
through at all, due to the final REJECT rule:
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
...
...
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
So iptables does seem to be able to properly recognize udp port 53
traffic, it's just not filtering correctly against the source IP
address.
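An added example, not from this thread or from CentOS: a Python checker that parses constructed `iptables -L INPUT -n --line-numbers` output modelled on the rules quoted above and flags a source-specific DROP/REJECT that sits below a catch-all ACCEPT for the same protocol and port. iptables walks a chain top-down and stops at the first terminating target, so an `ACCEPT udp dpt:domain state NEW` placed above a block rule accepts the packet before the block is evaluated; the 198.51.100.7 source address is a placeholder.

```python
import re
# Constructed sample of `iptables -L INPUT -n --line-numbers` output, modelled on
# the rules quoted in the post; 198.51.100.7 is a placeholder source address.
SAMPLE = """\
num  target  prot opt source        destination
1    ACCEPT  all  --  0.0.0.0/0     0.0.0.0/0    state RELATED,ESTABLISHED
2    ACCEPT  tcp  --  0.0.0.0/0     0.0.0.0/0    tcp dpt:53 state NEW
3    ACCEPT  udp  --  0.0.0.0/0     0.0.0.0/0    udp dpt:53 state NEW
4    DROP    udp  --  198.51.100.7  0.0.0.0/0    udp dpt:53
5    REJECT  all  --  0.0.0.0/0     0.0.0.0/0    reject-with icmp-host-prohibited
"""
RULE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")
ANY = ("0.0.0.0/0", "anywhere")

def parse_rules(text):
    """Parse numbered rule lines into dicts; the header line does not match."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            num, target, proto, src, _dst, extra = m.groups()
            dport = re.search(r"dpt:(\d+)", extra)
            state = re.search(r"state (\S+)", extra)
            rules.append({"num": int(num), "target": target, "proto": proto, "src": src,
                          "dport": int(dport.group(1)) if dport else None,
                          # no state match, or a state list containing NEW, sees new packets
                          "sees_new": state is None or "NEW" in state.group(1).split(",")})
    return rules

def shadowed_blocks(rules):
    """(block_num, accept_num) pairs where a source-specific DROP/REJECT sits below a
    catch-all ACCEPT for the same proto/port: iptables stops at the first terminating
    target, so the block never sees that traffic."""
    found = []
    for blk in rules:
        if blk["target"] in ("DROP", "REJECT") and blk["src"] not in ANY:
            for acc in rules:
                if acc["num"] >= blk["num"]:
                    break
                if (acc["target"] == "ACCEPT" and acc["src"] in ANY and acc["sees_new"]
                        and acc["proto"] in (blk["proto"], "all")
                        and acc["dport"] in (blk["dport"], None)):
                    found.append((blk["num"], acc["num"]))
    return found

def move_blocks_first(rules):
    """Simulate `iptables -I INPUT 1 <rule>` for each shadowed block, then renumber."""
    top = {b for b, _ in shadowed_blocks(rules)}
    ordered = sorted(rules, key=lambda r: (r["num"] not in top, r["num"]))
    return [dict(r, num=i + 1) for i, r in enumerate(ordered)]
```

Run on the real chain by feeding it the output of `iptables -L INPUT -n --line-numbers`; an empty result from `shadowed_blocks` means every source-specific block is reachable.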