Hi,
I've got my DNS working, and I'm now in the process of protecting it. Is my iptables correct?
I just want only port 53 to be open and to close all other ports.
*filter
# rules for our firewall
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
# open ports for dns service
-A INPUT -p tcp -i eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 53 -j ACCEPT
# drop all other inbound connections
-P INPUT DROP
COMMIT
jopoy solano <[EMAIL PROTECTED]> wrote:
Try removing allow-update and allow-transfer lines first and see if it
responds.
On Sun, 9 Jan 2005 23:25:21 -0800 (PST), jepoy <[EMAIL PROTECTED]> wrote:
> Here are my zone files
>
> primary
>
> zone "mydomain.com" IN {
>     type master;
>     file "mydomain.com.zone";
>     allow-update { none; };
>     allow-transfer { 192.168.0.3; };
> };
>
> secondary
> zone "mydomain.com" IN {
>     type slave;
>     file "mydomain.com.zone";
>     allow-update { none; };
>     masters { 192.168.0.2; };
> };
>
> jopoy solano <[EMAIL PROTECTED]> wrote:
>
> Can you post your named.conf? Do you also have access on the primary dns
> server?
>
>
> On Sun, 9 Jan 2005 22:05:54 -0800 (PST), jepoy wrote:
> > Hi guys,
> > I've set up a secondary DNS server. When I issue the command rndc reload on
> > the secondary server, I get an error.
> > loading configuration from etc/named.conf
> > zone somedomain.com/IN failure trying master ... timeout
> > What seems to be the problem?
> >
> > What nameserver will I use for both DNS?
> >
> > --
> > Philippine Linux Users' Group (PLUG) Mailing List
> > [email protected] (#PLUG @ irc.free.net.ph)
> > Official Website: http://plug.linux.org.ph
> > Searchable Archives: http://marc.free.net.ph
> > .
> > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> > .
> > Are you a Linux newbie? To join the newbie list, go to
> > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
> >
> >
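Added example, not part of the thread: one way to check the ruleset in the first message against its stated goal (only port 53 reachable) is to parse the iptables-restore text and list every inbound ACCEPT that opens a port. The names `audit_input` and `ALLOWED` and the embedded copy of the ruleset are constructed for this illustration; the INPUT policy is assumed to be ACCEPT when the ruleset sets none.

```python
import shlex

# Constructed sample: the ruleset from the first message, one rule per line.
RULES = """\
*filter
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -i eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 53 -j ACCEPT
-P INPUT DROP
COMMIT
"""
ALLOWED = frozenset({("tcp", "53"), ("udp", "53")})  # the stated goal: DNS only


def audit_input(ruleset, allowed=ALLOWED):
    """Return (policy, opened, findings) for the INPUT chain of a ruleset."""
    policy, opened, findings = "ACCEPT", set(), []  # assumption: ACCEPT if unset
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 3 and tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif len(tok) >= 2 and tok[0] == ":INPUT":  # iptables-save chain header
            policy = tok[1]
        # Map each option to the token that follows it.
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-A") != "INPUT" or opts.get("-j") != "ACCEPT":
            continue
        states = set((opts.get("--state") or opts.get("--ctstate") or "NEW").split(","))
        if opts.get("-i") == "lo" or states <= {"ESTABLISHED", "RELATED"}:
            continue  # loopback and reply traffic open no listening port
        if "!" in tok:
            findings.append(f"negated match, review by hand: {line}")
        port = (opts.get("-p", "all"), opts.get("--dport", "any"))
        opened.add(port)
        if port not in allowed:
            findings.append(f"unexpected inbound ACCEPT {port}: {line}")
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}; unmatched packets are not dropped")
    return policy, opened, findings


if __name__ == "__main__":
    policy, opened, findings = audit_input(RULES)
    print("policy:", policy, "| opened:", sorted(opened))
    print("\n".join(findings) or "no findings")
```

The audit covers the INPUT chain only; OUTPUT and FORWARD keep whatever policy they already have.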
