On Mon, Oct 11, 2004 at 12:49:07PM +1000, Voytek wrote:
> <quote who="Alexander Samad">
> > On Mon, Oct 11, 2004 at 12:11:14PM +1000, Voytek wrote:
> >> I've now modified the ipchains to as below, but, it's still blocking
> >> DNS:
> >>
> >> this is meant as a master DNS server, BTW
> >
> > don't you need
> > -A input -s 0/0 -d 0/0 53 -p tcp -j ACCEPT
> >
> > for zone transfers and large replies
> > thanks, Alex
>
> I thought DNS only needed udp..
>
> I guess with a '-y' option ?

presuming you are using conntrack and the RELATED,ESTABLISHED at the top of the chain

> > # entered port 53 udp 11/10/2004
> -A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
> -A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
>
> --
> Voytek
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
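The rule set the thread converges on (UDP 53 for ordinary queries, TCP 53 for zone transfers and replies too large for a UDP datagram, with connection tracking ahead of the SYN-only TCP rule), written out as an added example that is not part of the original post. It assumes iptables with the conntrack match rather than the ipchains syntax Voytek quoted; the ipchains `-y` flag corresponds to iptables `--syn`. The `run` wrapper, `dns_server_rules` and the `dns_rules_complete` audit helper are names chosen here. With `DRY_RUN=1` (the default) the script only prints the commands, so it runs without root and without touching a live firewall.

```shell
#!/bin/sh
# Added example: iptables equivalent of the master-DNS-server rules discussed
# in the thread. Not the poster's configuration; iptables syntax is assumed.

IPT="${IPT:-iptables}"

# Print the command instead of executing it unless DRY_RUN is set to 0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# UDP 53 alone is not enough for an authoritative server: zone transfers
# (AXFR/IXFR) and any answer that does not fit in a UDP datagram use TCP 53.
dns_server_rules() {
    # Connection tracking first, so the non-SYN packets of an accepted
    # TCP connection (and UDP replies) are matched before the per-port rules.
    run -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Ordinary DNS queries.
    run -A INPUT -p udp --dport 53 -j ACCEPT
    # New TCP connections to the name server, SYN packets only
    # (ipchains "-y" is iptables "--syn").
    run -A INPUT -p tcp --dport 53 --syn -m conntrack --ctstate NEW -j ACCEPT
}

# Audit helper: given a textual rule dump (the dry run above, or the INPUT
# section of "iptables-save"), return 0 only if port 53 is accepted on both
# transports. A UDP-only rule set, the state Voytek started from, fails.
dns_rules_complete() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q -- '-p udp --dport 53 -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '-p tcp --dport 53' || return 1
    return 0
}

# Stand-alone use: print the rule set.
if [ "${DRY_RUN:-1}" = "1" ]; then
    dns_server_rules
fi
```

Running the script prints the three commands; feeding that output (or a real `iptables-save` dump) to `dns_rules_complete` is a quick check that a server is not in the UDP-only state the thread describes.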
