[CentOS] Iptables not blocking UDP port 53

Sat Jul 12 02:49:07 UTC 2008
Rob Townley <rob.townley at gmail.com>

On Fri, Jul 11, 2008 at 7:03 PM, Johnny Hughes <jhughes at hughesjr.com> wrote:
> Sean Carolan wrote:
>>
>> I'm attempting to block access to port 53 from internet hosts for an
>> internal server.  This device is behind a gateway router so all
>> traffic appears to come from source ip 10.100.1.1.  Here are my
>> (non-working) iptables rules:
>>
>
> If it is behind a gateway router, how is port 53 traffic getting from the
> internet to that DNS server in the first place?
>
> Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS
> server, then the SOURCE IP will not be the IP of the forwarding device, but
> the IP of the machine making the request.
>
> If this device is really behind a firewall, why are you even forwarding any
> traffic to it from port 53 in the first place?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Assuming a SOHO Linksys firewall, preferably with the dd-wrt alternative firmware:
Are you sure this DNS server is not in the DMZ?
Are you sure the port isn't opened under the UPnP section?  It is
conceivable that mDNS / Avahi with a UPnP router automatically opens
this port on the firewall.
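Two points from this thread are worth seeing in concrete form: a forwarded packet keeps the real client's source address (so matching on the router's 10.100.1.1 cannot work), and iptables stops at the first matching rule (so a broad ACCEPT earlier in INPUT silently shadows a later DROP). The script below is an added example, not anything posted in the thread; it assumes the LAN is 10.100.0.0/16, and the `iptables -S INPUT` listing it checks is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread). LAN prefix is an assumption.
LAN_NET="${LAN_NET:-10.100.0.0/16}"

# Emit iptables commands that allow DNS only from the LAN, log and drop the
# rest, and insert the jump at the head of INPUT so no earlier ACCEPT can
# shadow it. Run as root with: dns_rules "$LAN_NET" | sh
dns_rules() {
    net="$1"
    cat <<EOF
iptables -N DNS_GUARD
iptables -A DNS_GUARD -s $net -j RETURN
iptables -A DNS_GUARD -m limit --limit 5/min -j LOG --log-prefix "dns-blocked: "
iptables -A DNS_GUARD -j DROP
iptables -I INPUT 1 -p udp --dport 53 -j DNS_GUARD
iptables -I INPUT 1 -p tcp --dport 53 -j DNS_GUARD
EOF
}

# Diagnose the "rule has no effect" symptom: read `iptables -S INPUT` output on
# stdin and print every ACCEPT that precedes the first port-53 rule and is not
# a loopback or RELATED,ESTABLISHED accept. Exit status 0 if any were found.
shadowing_accepts() {
    awk '/--dport 53/ { exit }
         /-j ACCEPT/ && !/--dport/ && !/-i lo/ && !/ESTABLISHED/ { print; n++ }
         END { exit (n ? 0 : 1) }'
}

# Constructed sample listing showing both mistakes at once: an interface-wide
# ACCEPT above the DNS rule, and a DROP keyed on the router's address.
SAMPLE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -s 10.100.1.1 -j DROP'

printf '%s\n' "$SAMPLE" | shadowing_accepts || echo "no shadowing ACCEPT found"
```

On a live box, feed `iptables -S INPUT | shadowing_accepts` instead of the sample, and use `service iptables save` on CentOS to persist the emitted rules.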