[CentOS] Help with iptables rule for blocking UDP port 53

Sean Carolan scarolan at gmail.com
Tue Jul 15 18:46:07 UTC 2008

On Tue, Jul 15, 2008 at 1:43 PM, nate <centos at linuxpowered.net> wrote:
> Sean Carolan wrote:
>> I do have a rule for blocking TCP, forgot to mention that.  You can
>> see from my tcpdump output above that the inbound packet is UDP
>> though.  I wonder why iptables doesn't block it even with this rule?
> Try to insert the rule (-I) instead of append (-A). I recall encountering
> weirdness between using the two different methods for adding a rule.
> I don't know why, but it seems to make a difference in some cases.
> The man page doesn't make it clear to me what the difference is and why
> it (might) cause a change of behavior.

I might try this on a dev box, but I'm actually happy with the new
DROP rule.  It may be better just to drop the traffic and not let the
world know a DNS server even exists at this address.

More information about the CentOS mailing list