LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-15-2002, 12:30 PM   #1
SpookMonkey
LQ Newbie
 
Registered: Apr 2002
Distribution: Mine
Posts: 10

Rep: Reputation: 0
Question IPTable Policies Concerning DNS... Help.


Hi everyone,

I'm building a firewall, but I seem to be having troubles with allowing DNS through. I'm using IPTables v1.2.6a. And here is my iptables policy:

iptables -P INPUT DROP
iptables -P OUTOUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p udp -s 0/0 --sport 53 -d 0/0 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 53 -d 0/0 -j ACCEPT

Now as far as I know, that should work. It should DROP everything, accept for DNS request's. But that doesn't seem to work. Does anyone have any idea what I'm doing wrong ?

Thanks

-SpookMonkey
 
Old 05-15-2002, 12:38 PM   #2
sewer_monkey
Member
 
Registered: May 2002
Location: Toronto, ON, Canada
Distribution: Ubuntu, Debian, RedHat/CentOS
Posts: 624

Rep: Reputation: 31
Tight policy... Do you intend any packets to leave your box (such as a DNS query)?
 
Old 05-15-2002, 01:32 PM   #3
SpookMonkey
LQ Newbie
 
Registered: Apr 2002
Distribution: Mine
Posts: 10

Original Poster
Rep: Reputation: 0
Fixed it.

Fixed it. Yup I guess packets DONT automagically know what to do and where to go. They have to be granted permission to leave the saftey and sanity of the firewall box.
Here is my new Iptables policy, for those interested.

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow local device trafic
iptables -A OUTPUT -p ALL -o lo -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT

# Some Logging
iptables -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows XP Policies with Samba dlublink Linux - Networking 1 02-25-2005 11:37 AM
How can i use group policies using samba linuxeagle Linux - Networking 0 11-13-2003 11:04 AM
Shorewall policies + rules richlawson Linux - Networking 2 06-29-2003 11:35 AM
W2K policies kasols1 Linux - Networking 1 11-29-2002 02:43 AM
Windows Policies TheSockMonster Linux - Networking 0 07-16-2002 03:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration