On 08/05/2017 03:42 AM, Paolo Prandini wrote:
> I want to leave DNS queries and responses pass through
> blrules restrictions so I wrote in blrules
> ACCEPT  net             $FW udp   53
> ACCEPT  net             $FW tcp   53
> ACCEPT  $FW             net             udp 53
> ACCEPT  $FW             net             tcp 53
> DROP            net:+Blacklist          all
> DROP            net:+Blacklist          loc
> DROP            net:+Blacklist          $FW
> DROP            $FW                     net:+Blacklist
> DROP            loc                     net:+Blacklist
> DROP            all                     net:+Blacklist
> but it seems they are blocked anyway, I get
> Error sending reply with sendto (socket=5): Operation not permitted

Are DNS queries from the firewall to the net accepted by your rules
and/or policies? In the blrules file, ACCEPT simply excludes the
matching packets from being processed by the rest of the blrules
entries; it doesn't cause them to be accepted.

Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
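The distinction Tom draws above is easy to miss, so here is an added configuration example (constructed for this note, not from the thread or from the Shorewall project) that separates the two jobs: exempting DNS from blacklist processing in blrules, and actually permitting it in the rules file. The policy values, zone names and the "Blacklist" ipset name are assumptions chosen to match the original post; the DNS macro is Shorewall's stock macro (udp 53 and tcp 53).

```text
# /etc/shorewall/blrules  (constructed example)
# ACCEPT here only exempts matching packets from the remaining blrules
# entries; on its own it does not allow the traffic through the firewall.
#ACTION   SOURCE            DEST    PROTO   DPORT
ACCEPT    net               $FW     udp     53
ACCEPT    net               $FW     tcp     53
ACCEPT    $FW               net     udp     53
ACCEPT    $FW               net     tcp     53
DROP      net:+Blacklist    all
DROP      all               net:+Blacklist

# /etc/shorewall/policy  (constructed example)
# A DROP or REJECT policy for $FW -> net is applied in the OUTPUT path,
# which is why a resolver on the firewall sees sendto() fail with
# "Operation not permitted" (EPERM) even though blrules passed the packet.
#SOURCE   DEST   POLICY    LOGLEVEL
loc       net    ACCEPT
$FW       net    REJECT    info
net       all    DROP      info
all       all    REJECT    info

# /etc/shorewall/rules  (constructed example)
# The permission itself lives here. Both directions are needed for a
# resolver on the firewall that answers queries from the net.
#ACTION        SOURCE   DEST
DNS(ACCEPT)    $FW      net
DNS(ACCEPT)    net      $FW
```

After editing, `shorewall check` validates the files without loading them; a log entry from the `$FW net REJECT` policy (the `info` level above) while the resolver reports EPERM is the quickest confirmation that the policy, not blrules, is what is blocking the reply.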


Shorewall-users mailing list