[CentOS] Help with iptables rule for blocking UDP port 53
Sean Carolan
scarolan at gmail.com
Tue Jul 15 18:46:07 UTC 2008
On Tue, Jul 15, 2008 at 1:43 PM, nate <centos at linuxpowered.net> wrote:
> Sean Carolan wrote:
>
>> I do have a rule for blocking TCP, forgot to mention that. You can
>> see from my tcpdump output above that the inbound packet is UDP
>> though. I wonder why iptables doesn't block it even with this rule?
>
> Try to insert the rule (-I) instead of append (-A). I recall encountering
> weirdness between using the two different methods for adding a rule.
> I don't know why, but it seems to make a difference in some cases.
> The man page doesn't make it clear to me what the difference is and why
> it (might) cause a change of behavior.
I might try this on a dev box, but I'm actually happy with the new
DROP rule. It may be better just to drop the traffic and not let the
world know a DNS server even exists at this address.
More information about the CentOS
mailing list