Which iptables chain controls access to DNS (port 53)
I am running a CentOS 7 box with two NICs as a router/firewall/DHCP etc. By examining the firewall with iptables -L I have observed that firewalld has taken the three basic chains INPUT, FORWARD and OUTPUT and spawned off additional chains for the various zones.
For example I guess that the chain IN_public_deny would contain a list of addresses of packets accessing the public zone which should be dropped. I created a rich rule:
Quote:
Code:
Chain IN_public_deny (1 references)
I inserted a rule in the main FORWARD chain using iptables (should have used firewall-cmd --direct ... but have not figured that out yet.) The rule is here:
Code:
Chain FORWARD (policy ACCEPT)
Code:
[ken@localhost Desktop]$ ping 85.12.30.226
The connection on the host points to the firewall box 10.42.0.1 as the primary DNS. However, I have, successfully I think, prevented the node from contacting the firewall box directly or routing traffic through the firewall box to the Internet. My question is... how do I block access to DNS which is being provided by/through the firewall box? TIA, Ken
p.s. Zenmap (nmap gui) shows
Code:
PORT STATE SERVICE VERSION
This article looks as if it might be helpful: https://www.cyberciti.biz/faq/iptables-block-port/
Thank you frankbell,
That looks like it may do the trick. I will try and post back. Ken
I added two rules. One for tcp (which did not do the trick) and one for udp which DID stop the subject computer from accessing DNS.
Code:
[root@taylor16 ken]# iptables -I INPUT -i enp0s20u1 -p tcp --destination-port 53 -s 10.42.0.217 -j DROP
Thanks again frankbell. Ken
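The rule above only stops DNS once its udp twin is added, because nearly all queries travel over UDP, and a plain iptables -I rule is lost the next time firewalld reloads. The script below is an added example for this thread (not code posted by Ken or frankbell): it generates the complete set of rules, udp and tcp, for both INPUT (the resolver on the firewall box itself) and FORWARD (queries the box would route to the Internet), and the equivalent persistent firewall-cmd --direct rules Ken mentioned. The interface enp0s20u1 and host 10.42.0.217 are taken from the thread; everything else is an assumption. Without APPLY=1 it only prints the commands.

```shell
#!/bin/sh
# Added example for this thread, not code posted by Ken or frankbell.
# Builds the rules that stop one LAN host from using DNS provided by or
# routed through the firewall box. Applies them only when APPLY=1 is set
# and the script runs as root; otherwise it just prints them.
# Assumed (constructed to match the thread): LAN interface enp0s20u1,
# host to block 10.42.0.217. Override with LAN_IF=... BLOCKED=... .

LAN_IF="${LAN_IF:-enp0s20u1}"
BLOCKED="${BLOCKED:-10.42.0.217}"

# One raw iptables rule. $1 is the chain, $2 the protocol.
#   INPUT   covers the resolver running on the firewall box (10.42.0.1)
#   FORWARD covers queries the box would route out to an Internet resolver
# DNS queries are almost all UDP, so a tcp-only rule changes nothing for
# the host; both udp and tcp must be dropped (TCP still carries large
# answers and zone transfers).
iptables_rule() {
    printf 'iptables -I %s -i %s -p %s --dport 53 -s %s -j DROP\n' \
        "$1" "$LAN_IF" "$2" "$BLOCKED"
}

# Same rule through firewalld's direct interface. Rules inserted with
# plain iptables vanish on "firewall-cmd --reload"; --permanent --direct
# rules are re-applied. Priority 0 puts them ahead of firewalld's own
# zone chains (IN_public_deny and friends).
firewalld_rule() {
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter %s 0 -i %s -p %s --dport 53 -s %s -j DROP\n' \
        "$1" "$LAN_IF" "$2" "$BLOCKED"
}

# Emit the full set: two chains x two protocols, via the given generator.
all_rules() {
    gen="${1:-iptables_rule}"
    for chain in INPUT FORWARD; do
        for proto in udp tcp; do
            "$gen" "$chain" "$proto"
        done
    done
}

# Count live rules in chain $1 that drop port 53 from $BLOCKED
# (needs root; iptables -S prints the source as 10.42.0.217/32).
live_dns_drops() {
    iptables -S "$1" 2>/dev/null | grep -c -- "-s $BLOCKED/32 .*--dport 53 .*-j DROP"
}

if [ "${APPLY:-0}" = "1" ]; then
    all_rules firewalld_rule | sh -e      # add the persistent rules
    firewall-cmd --reload                 # load them into the live ruleset
    echo "INPUT drops: $(live_dns_drops INPUT), FORWARD drops: $(live_dns_drops FORWARD)"
else
    all_rules iptables_rule               # one-off rules, as in the thread
    all_rules firewalld_rule              # persistent equivalents
fi
```

After applying, `iptables -S INPUT` and `iptables -S FORWARD` should each list the two DROP rules for the host; if the udp line is missing, the host will still resolve names exactly as the thread describes.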