port 53
Jeffrey W. Baker
jwbaker@acm.org
Tue, 25 Sep 2001 09:17:31 -0700 (PDT)
On Tue, 25 Sep 2001, Maciej Soltysiak wrote:
> > I have a DNS on my RedHat 7.1 Linux server. I want to drop all requests
> > on port 53 with one exception: the requests from my ISP DNS server. How
> > can I do this with iptables?
>
> well it depends on your strategy of placing rules, but you can add:
> iptables -A INPUT -i EXT_INTERFACE -p tcp -s ISP_IP -d YOUR_IP --dport 53\
> -j DROP
> iptables -A INPUT -i EXT_INTERFACE -p udp -s ISP_IP -d YOUR_IP --dport 53\
> -j DROP
This is backwards, right? The original poster wanted to *accept* packets
from the ISP:
iptables -A INPUT -i EXT -p tcp -s ISP -d MYIP --dport 53 -j ACCEPT
iptables -A INPUT -i EXT -p udp -s ISP -d MYIP --dport 53 -j ACCEPT
iptables -A INPUT -i EXT -p tcp --dport 53 -j REJECT
iptables -A INPUT -i EXT -p udp --dport 53 -j REJECT
or a variant thereof.
-jwb
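The rule set Jeffrey sketches, as an added example that is not part of the thread, generalised to several permitted resolver addresses and written so it can be dry-run without root. The interface name and addresses (eth0, 192.0.2.10, 198.51.100.53, 198.51.100.54) are constructed placeholders; the point it demonstrates is that with -A the per-resolver ACCEPT rules must be appended before the catch-all REJECT rules, and that an empty allow list would block all port 53 traffic.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): allow DNS queries on port 53
# only from a list of resolver addresses, reject every other inbound query.
# With DRY_RUN=1 (the default here) the iptables commands are printed, not run.

# run: print the command when dry-running, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# dns_rules EXT_IF MY_IP RESOLVER_IP [RESOLVER_IP ...]
# Emits the ACCEPT rules first (one tcp and one udp rule per resolver), then the
# two REJECT rules. Because -A appends, this ordering is what makes the
# exception take effect; appending the REJECTs first would shadow the ACCEPTs.
# Note: only queries arriving at port 53 are covered; replies to this host's
# own outbound lookups arrive on ephemeral ports and are not affected here.
dns_rules() {
    ext="$1"; myip="$2"; shift 2
    if [ "$#" -eq 0 ]; then
        echo "dns_rules: no resolver address given; refusing to emit REJECT-only rules" >&2
        return 1
    fi
    for isp in "$@"; do
        for proto in tcp udp; do
            run iptables -A INPUT -i "$ext" -p "$proto" -s "$isp" -d "$myip" --dport 53 -j ACCEPT
        done
    done
    for proto in tcp udp; do
        run iptables -A INPUT -i "$ext" -p "$proto" --dport 53 -j REJECT
    done
}

# Usage with constructed placeholder values (dry run, nothing is changed):
DRY_RUN=1 dns_rules eth0 192.0.2.10 198.51.100.53 198.51.100.54
```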