Sean Carolan wrote: > I would like to block all DNS queries that come from one particular ip > address. I used TCPdump to verify that the queries were in fact, > coming from this IP: > > [scarolan at server:~]$ sudo tcpdump -n udp port 53 and src 10.100.1.1 > tcpdump: listening on eth0 > 11:12:17.162100 10.100.1.1.19233 > 10.100.1.61.domain: 14270+ A? > server.domain.com. (32) (DF) > > Could someone help with the proper syntax for an IPtables rule to > block port 53 udp traffic from this IP? I tried this rule but it > doesn't work: > > -A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT > Strange...your rule seems ok to me. Try with DROP instead of REJECT ?