On 04/14/2017 06:54 PM, Gordon Messmer wrote:
> On 04/11/2017 04:16 PM, Alice Wonder wrote:
>> Hi, I would like to see this addressed.
>> Is there a firewalld solution to this issue?
>
>
> Yes:
>
> # Disable connection tracking for UDP DNS traffic
> # https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
>
> firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
> firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
> firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
> firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack
> firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack
> firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --sport 53 -j CT --notrack
> firewall-cmd --reload
>

Thank you!
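The rule set quoted above, as an added example that is not part of the thread: a small POSIX shell script that generates the same firewalld direct rules for a chosen address family (the quoted commands cover ipv4 only; the script also emits the ipv6 counterpart, on the assumption that the host's ip6tables backend has the raw table and the CT target, which a standard kernel does), verifies that all six rules are present in the output of `firewall-cmd --direct --get-all-rules` (assumed format: `family table chain priority args...`, fed here from a constructed sample file so it runs offline), and lists any other raw-table notrack rule in that family. That last scan matters because `-m conntrack --ctstate UNTRACKED -j ACCEPT` in INPUT and FORWARD accepts every untracked packet, not only DNS, so any additional `--notrack` rule added later silently bypasses the stateful filter and should be reviewed.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread. Builds and checks the
# firewalld direct rules that exempt UDP/53 from connection tracking.

# dns_notrack_rules FAMILY -> prints the six firewall-cmd invocations for
# FAMILY (ipv4 or ipv6), one per line. ipv6 support is an assumption of this
# example; the thread only shows ipv4.
dns_notrack_rules() {
    fam="$1"
    for chain in INPUT FORWARD; do
        echo "firewall-cmd --permanent --direct --add-rule $fam filter $chain 0 -m conntrack --ctstate UNTRACKED -j ACCEPT"
    done
    for chain in PREROUTING OUTPUT; do
        for portopt in --dport --sport; do
            echo "firewall-cmd --permanent --direct --add-rule $fam raw $chain 100 -p udp -m udp $portopt 53 -j CT --notrack"
        done
    done
}

# check_dns_notrack FAMILY RULES_FILE -> returns 0 if every required rule is
# present in RULES_FILE (output of `firewall-cmd --direct --get-all-rules`,
# assumed format "family table chain priority args..."), else prints the
# missing ones and returns 1.
check_dns_notrack() {
    fam="$1"; rules="$2"; missing=0
    for chain in INPUT FORWARD; do
        grep -qF -- "$fam filter $chain 0 -m conntrack --ctstate UNTRACKED -j ACCEPT" "$rules" \
            || { echo "missing: $fam filter $chain UNTRACKED accept"; missing=1; }
    done
    for chain in PREROUTING OUTPUT; do
        for portopt in --dport --sport; do
            grep -qF -- "$fam raw $chain 100 -p udp -m udp $portopt 53 -j CT --notrack" "$rules" \
                || { echo "missing: $fam raw $chain $portopt 53 notrack"; missing=1; }
        done
    done
    return $missing
}

# other_notrack FAMILY RULES_FILE -> prints raw-table notrack rules in FAMILY
# that are not the UDP/53 ones. Each of these is also let through by the
# UNTRACKED accept rules in INPUT/FORWARD, so they deserve a review.
other_notrack() {
    grep -- "^$1 raw .* -j CT --notrack" "$2" | grep -v -- "-p udp -m udp --[ds]port 53 " || true
}

# write_sample_rules FILE -> writes a constructed sample of
# `firewall-cmd --direct --get-all-rules` output: the six ipv4 DNS rules plus
# one unrelated notrack rule (tcp/80) to exercise the review scan.
write_sample_rules() {
    printf '%s\n' \
        "ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT" \
        "ipv4 filter FORWARD 0 -m conntrack --ctstate UNTRACKED -j ACCEPT" \
        "ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack" \
        "ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack" \
        "ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack" \
        "ipv4 raw OUTPUT 100 -p udp -m udp --sport 53 -j CT --notrack" \
        "ipv4 raw PREROUTING 100 -p tcp -m tcp --dport 80 -j CT --notrack" \
        > "$1"
}

# Stand-alone demonstration on the constructed sample.
sample=$(mktemp)
write_sample_rules "$sample"
echo "== commands to apply for ipv6 =="
dns_notrack_rules ipv6
echo "== ipv4 check =="
if check_dns_notrack ipv4 "$sample"; then echo "all ipv4 DNS notrack rules present"; fi
echo "== other notrack rules also accepted by the UNTRACKED rules =="
other_notrack ipv4 "$sample"
rm -f "$sample"
```

On a live host, replace the constructed sample with `firewall-cmd --direct --get-all-rules > rules.txt` and run `check_dns_notrack ipv4 rules.txt` after `firewall-cmd --reload`; an empty result from `other_notrack` means the UNTRACKED accept rules admit nothing besides DNS.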