On 08/05/2017 03:42 AM, Paolo Prandini wrote:
> I want to leave DNS queries and responses pass through
> blrules restrictions so I wrote in blrules
>
> ACCEPT net $FW udp 53
> ACCEPT net $FW tcp 53
> ACCEPT $FW net udp 53
> ACCEPT $FW net tcp 53
> DROP net:+Blacklist all
> DROP net:+Blacklist loc
> DROP net:+Blacklist $FW
> DROP $FW net:+Blacklist
> DROP loc net:+Blacklist
> DROP all net:+Blacklist
>
> but it seems they are blocked anyway, I get
>
> Error sending reply with sendto (socket=5): Operation not permitted
>
Are DNS queries from the firewall to the net accepted by your rules
and/or policies? In the blrules file, ACCEPT simply excludes the
matching packets from being processed by the rest of the blrules
entries; it doesn't cause them to be accepted.
-Tom
--
Tom Eastep\ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
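Added example (not from the thread and not part of the Shorewall project): the blrules exemption next to the rules entries that actually accept DNS. Zone names net, loc and $FW and the ipset name "Blacklist" are taken from the question; everything else is an assumption about the poster's setup.

```text
# /etc/shorewall/blrules (added example). ACCEPT here only exempts the
# matching packets from the DROP entries that follow; it does not accept them.
#ACTION         SOURCE          DEST            PROTO   DPORT
ACCEPT          net             $FW             udp     53
ACCEPT          net             $FW             tcp     53
ACCEPT          $FW             net             udp     53
ACCEPT          $FW             net             tcp     53
DROP            net:+Blacklist  all
DROP            all             net:+Blacklist

# /etc/shorewall/rules (added example). These are the entries that accept
# DNS. Without them, or without an ACCEPT policy for these zone pairs in
# /etc/shorewall/policy, the packets exempted above are still dropped by
# the zone policy.
#ACTION         SOURCE          DEST            PROTO   DPORT
ACCEPT          net             $FW             udp     53
ACCEPT          net             $FW             tcp     53
ACCEPT          $FW             net             udp     53
ACCEPT          $FW             net             tcp     53
```

Run `shorewall check` before `shorewall restart` to catch column errors. As a diagnostic hint: an EPERM ("Operation not permitted") from sendto() is what a local process sees when netfilter drops a packet the firewall host itself generated, so the $FW to net direction is the one to verify first.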
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users