[CentOS] connection state tracking with DNS [was Primary DNS...]
Gordon Messmer
gordon.messmer at gmail.com
Sat Apr 15 01:54:14 UTC 2017

On 04/11/2017 04:16 PM, Alice Wonder wrote:
> Hi, I would like to see this addressed.
> Is there a firewalld solution to this issue?

Yes:

# Disable connection tracking for UDP DNS traffic
# https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack
firewall-cmd --permanent --direct --add-rule ipv4 raw OUTPUT 100 -p udp -m udp --sport 53 -j CT --notrack
firewall-cmd --reload
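
Added example, not part of the original message: untracked packets never match ESTABLISHED or NEW state rules, so the raw-table notrack rules only work together with the UNTRACKED accept rules, and this sketch audits a direct-rule listing for the complete set. The function names and the sample listing are hypothetical; the input is assumed to be in the one-rule-per-line format printed by `firewall-cmd --permanent --direct --get-all-rules`.

```shell
#!/bin/sh
# Constructed sample listing: deliberately lacks the OUTPUT --sport 53 rule
# and the FORWARD accept rule from the message above.
SAMPLE_RULES='ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
ipv4 raw PREROUTING 100 -p udp -m udp --dport 53 -j CT --notrack
ipv4 raw PREROUTING 100 -p udp -m udp --sport 53 -j CT --notrack
ipv4 raw OUTPUT 100 -p udp -m udp --dport 53 -j CT --notrack'

# has_rule RULES PREFIX MATCH
# Succeeds if some line starts with PREFIX (family, table, chain) and
# contains the fixed string MATCH.
has_rule() {
    printf '%s\n' "$1" | grep -F -- "$3" | grep -q "^$2 "
}

# audit_dns_notrack RULES [FAMILY]
# Prints one line per missing rule; returns 0 only when the set is complete.
audit_dns_notrack() {
    rules=$1 fam=${2:-ipv4} missing=0
    # Both directions (dport and sport 53) must be untracked in both raw chains.
    for chain in PREROUTING OUTPUT; do
        for port in dport sport; do
            if ! has_rule "$rules" "$fam raw $chain" \
                 "-p udp -m udp --$port 53 -j CT --notrack"; then
                echo "MISSING: $fam raw $chain --$port 53 notrack"
                missing=$((missing + 1))
            fi
        done
    done
    # Untracked packets must be accepted explicitly in the filter table.
    for chain in INPUT FORWARD; do
        if ! has_rule "$rules" "$fam filter $chain" \
             "--ctstate UNTRACKED -j ACCEPT"; then
            echo "MISSING: $fam filter $chain accept UNTRACKED"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# On a live system (assumption: firewalld is running):
#   audit_dns_notrack "$(firewall-cmd --permanent --direct --get-all-rules)"
audit_dns_notrack "$SAMPLE_RULES" || echo "rule set incomplete"
```
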