[CentOS] Help with iptables rule for blocking UDP port 53
Sean Carolan
scarolan at gmail.com
Tue Jul 15 17:15:00 UTC 2008
> I do have a rule for blocking TCP, forgot to mention that. You can
> see from my tcpdump output above that the inbound packet is UDP
> though. I wonder why iptables doesn't block it even with this rule?

The really strange part about this is that if I remove the ACCEPT rules that are further down in my iptables config, NO DNS traffic gets through at all, due to the final REJECT rule:

    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain state NEW
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain state NEW
    ...
    ...
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

So iptables does seem to be able to properly recognize UDP port 53 traffic; it's just not filtering correctly against the source IP address.
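One thing worth checking in the situation described above is rule order: netfilter walks a chain top to bottom and the first matching rule decides, so a per-source DROP that was appended with `iptables -A` lands below the `udp dpt:domain` ACCEPT and never sees a DNS packet, while the same rule inserted with `iptables -I INPUT 1` does. The script below is an added example, not code from the thread or from the poster; it models that first-match walk over two constructed rulesets in iptables-save syntax (the addresses 192.0.2.10 and 198.51.100.7 are documentation addresses chosen for the example, and `-m state` is ignored, the packet being taken as a NEW connection) so the ordering effect can be seen without root or a live firewall. The `iptables` commands in the trailing comments are the ones you would run on the host itself.

```shell
#!/bin/sh
# Added example: simulate netfilter's first-match rule walk for an INPUT chain.
# Both rulesets are CONSTRUCTED in iptables-save syntax to mirror the shape of
# the chain in the thread; 192.0.2.10 and 198.51.100.7 are documentation
# addresses chosen for this example, not addresses from the thread.

# Ruleset 1: the per-source DROP was appended (iptables -A), so it sits below
# the ACCEPT for udp dpt:53 and is never reached for DNS packets.
RULES_APPENDED='
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 53 -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
'

# Ruleset 2: the same DROP placed first (iptables -I INPUT 1 ...), so it is
# evaluated before the port-53 ACCEPT.
RULES_INSERTED='
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 53 -j DROP
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
'

# first_match RULES PROTO DPORT SRC
# Walks RULES top to bottom and prints the -j target of the first rule whose
# -p, --dport and -s constraints all match the packet. Only those three matches
# are modelled; -m state is ignored (the packet is taken to be a NEW connection).
first_match() {
    rules=$1 pkt_proto=$2 pkt_dport=$3 pkt_src=$4
    while read -r line; do
        if [ -z "$line" ]; then continue; fi
        r_proto= r_dport= r_src= target=
        # Split the rule into its tokens and pick out the matches we model.
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -p)      r_proto=$2; shift ;;
                --dport) r_dport=$2; shift ;;
                -s)      r_src=${2%/32}; shift ;;
                -j)      target=$2; shift ;;
            esac
            shift
        done
        # A rule only matches if every constraint it carries matches the packet.
        if [ -n "$r_proto" ] && [ "$r_proto" != "$pkt_proto" ]; then continue; fi
        if [ -n "$r_dport" ] && [ "$r_dport" != "$pkt_dport" ]; then continue; fi
        if [ -n "$r_src" ] && [ "$r_src" != "$pkt_src" ]; then continue; fi
        printf '%s\n' "$target"
        return 0
    done <<EOF
$rules
EOF
    # No rule matched: the chain's default policy would apply.
    printf 'POLICY\n'
}

# Same DNS packet from the blocked source, both orderings: only the ruleset with
# the DROP above the port-53 ACCEPT actually drops it.
printf 'DROP appended after ACCEPT,  udp/53 from 192.0.2.10 -> %s\n' \
    "$(first_match "$RULES_APPENDED" udp 53 192.0.2.10)"
printf 'DROP inserted at position 1, udp/53 from 192.0.2.10 -> %s\n' \
    "$(first_match "$RULES_INSERTED" udp 53 192.0.2.10)"

# On the real host the equivalent fix and check are:
#   iptables -I INPUT 1 -s 192.0.2.10 -p udp --dport 53 -j DROP
#   iptables -L INPUT -n -v --line-numbers   # the DROP must be numbered above the ACCEPTs
```

The simulator deliberately models only `-p`, `--dport` and `-s`, which is enough to show why an appended DROP is shadowed; on the host, `iptables -L INPUT -n -v --line-numbers` gives the real ordering and the per-rule packet counters, so a rule that never increments is one that is never reached.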