[CentOS] Re: Iptables not blocking UDP port 53
Sean Carolan
scarolan at gmail.com
Thu Jul 10 20:51:53 UTC 2008

> Are you running tcpdump on the same machine that is doing the filtering?
> You do realize that tcpdump sees the packets as they come from the
> interface and before they are passed to the filter rules, right?

I had forgotten this important piece of information. Thank you for
pointing this out. The packets still seem to be getting through to the
BIND daemon, however, because I can still query the box from the
Internet.

> Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
> your REJECT rules being hit?

Yes, the rule gets hit and it returns an answer to the DNS query
anyway. I saw it increment from 10 to 11 when I ran the query:

    11 692 REJECT udp -- * * 10.100.1.1 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable