[CentOS] Re: Iptables not blocking UDP port 53

Fri Jul 11 04:05:04 UTC 2008
Robert Nichols <rnicholsNOSPAM at comcast.net>

Sean Carolan wrote:
>> Does the count field from "iptables -vnL RH-Firewall-1-INPUT" show
>> your REJECT rules being hit?
> 
> Yes, the rule gets hit and it returns an answer to the DNS query
> anyway.  I saw it increment from 10 to 11 when I ran the query:
> 
> 11   692 REJECT     udp  --  *      *       10.100.1.1
> 0.0.0.0/0          udp dpt:53 reject-with icmp-port-unreachable

I seriously doubt that the response came from this machine since
the packet that hit that rule died right there.  Does the machine
that sent the request have a secondary DNS server configured?
The REJECT response would have resulted in an immediate query to
the next server.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
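The check both posters rely on (take two `iptables -vnL` snapshots around one query, see which rule's counter moved, then look at the client's resolver list to see where an answer could still have come from) can be scripted. The following Python is an added example written for this archive page, not code from either poster; the iptables listing, the resolv.conf contents and the firewall address 10.100.1.5 are constructed sample data laid out like the rule quoted above, and the function names are my own.

```python
"""Diff iptables rule counters around a DNS query and relate a REJECT/DROP hit
to the client's nameserver list (added example; not from the original posts).
Sample input is constructed to mirror the layout of `iptables -vnL` output."""
import re
from typing import Dict, List, Tuple

# Constructed snapshot of the chain before one UDP/53 query from 10.100.1.1.
BEFORE = """\
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
 4321  512K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  820 61200 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
   10   615 REJECT     udp  --  *      *       10.100.1.1           0.0.0.0/0           udp dpt:53 reject-with icmp-port-unreachable
"""
# After the query only the REJECT counters move (10 -> 11 packets, 615 -> 692 bytes).
AFTER = BEFORE.replace("   10   615 REJECT", "   11   692 REJECT")

# Constructed client resolver config: the firewall host first, a secondary after it.
FIREWALL_IP = "10.100.1.5"   # assumed address of the host running iptables
RESOLV_CONF = """\
# constructed /etc/resolv.conf of the querying client
search example.test
nameserver 10.100.1.5
nameserver 10.100.1.6
"""

CHAIN_RE = re.compile(r"^Chain (\S+)")
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$"
)

def to_int(count: str) -> int:
    """Expand the K/M/G suffixes iptables -v prints when -x is not given."""
    mult = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    if count[-1] in mult:
        return int(count[:-1]) * mult[count[-1]]
    return int(count)

def parse_counters(listing: str) -> Dict[Tuple[str, int], dict]:
    """Map (chain, rule position) -> counters and a short rule description."""
    rules: Dict[Tuple[str, int], dict] = {}
    chain, idx = None, 0
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain, idx = m.group(1), 0
            continue
        m = RULE_RE.match(line)
        if not m or chain is None:
            continue  # column header or blank line
        idx += 1
        d = m.groupdict()
        desc = " ".join(filter(None, [d["target"], d["prot"], d["src"], "->", d["dst"], d["extra"]]))
        rules[(chain, idx)] = {"pkts": to_int(d["pkts"]), "bytes": to_int(d["bytes"]),
                               "target": d["target"], "rule": desc}
    return rules

def diff_counters(before: str, after: str) -> List[dict]:
    """Return the rules whose packet counter increased between two snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    hits = []
    for key, cur in new.items():
        prev = old.get(key)
        if prev is None or cur["pkts"] <= prev["pkts"]:
            continue
        hits.append({"chain": key[0], "index": key[1], "target": cur["target"], "rule": cur["rule"],
                     "pkts_delta": cur["pkts"] - prev["pkts"], "bytes_delta": cur["bytes"] - prev["bytes"]})
    return hits

def parse_nameservers(resolv_conf: str) -> List[str]:
    """Nameservers in resolv.conf order, which is the order the stub resolver tries them."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def explain(hits: List[dict], nameservers: List[str], firewall_ip: str) -> List[str]:
    """A packet that hit REJECT or DROP died on this host, so any reply the client
    saw came from another resolver in its list; say which ones remain."""
    notes = []
    for h in hits:
        if h["target"] not in ("REJECT", "DROP"):
            continue
        others = [ns for ns in nameservers if ns != firewall_ip]
        tail = f" Client can fall back to {', '.join(others)}." if others else " Client has no other nameserver."
        notes.append(f"{h['chain']} rule {h['index']} ({h['rule']}) absorbed "
                     f"{h['pkts_delta']} packet(s); no reply came from {firewall_ip}." + tail)
    return notes

if __name__ == "__main__":
    for note in explain(diff_counters(BEFORE, AFTER), parse_nameservers(RESOLV_CONF), FIREWALL_IP):
        print(note)
```

Run it on real data by capturing `iptables -vnL RH-Firewall-1-INPUT` (with `-x` if you want exact byte counts) before and after a single `dig @<firewall> example.test` from the client, and pointing `RESOLV_CONF` at the client's actual file; a REJECT hit paired with a second nameserver entry is the situation Bob describes.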