Small misconception, np.
A port is opened when an application requests a network connection.
So, to have UPD/53 "opened" you would need for instance to start named, the DNS server. You don't want that cuz you don't want to provide DNS records to other ppl.
What you want is some fw rules:
# Allow UDP packets in for DNS client from nameservers.
iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_1 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
# Allow UDP packets to DNS servers from client.
iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_1 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
Where $IFACE is the network device with the public IP address on it, and $NAMESERVER_# are your ISP's namserver IP addresses.
|