On Mon, Oct 11, 2004 at 12:58:33PM +1000, Voytek wrote:
>
> <quote who="Voytek">
>
> > <quote who="Michael Fox">
> >> As other poster said, you need 53/TCP enabled as well as 53/UDP which
> >> you already have.
> >>
> >> dns needs both UDP/TCP port 53 allowed.
>
> I've also put a UDP port 53 'exemption' here;
> do I also need a tcp port 53 exemption in here ?
> is that OK to have one line up to 52 another, from 54 on ?

Why not explicitly ACCEPT port 53 ?

>
> .....
> -A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
> -A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
> # exempt port 53 udp 11/10/2004
> #-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
> -A input -p udp -s 0/0 -d 0/0 0:52 -j REJECT
> -A input -p udp -s 0/0 -d 0/0 54:1023 -j REJECT
> -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
>
> --
> Voytek
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
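
Added example, not part of the original messages: a small first-match evaluator run over the rules quoted in the thread (commented-out lines omitted). It shows that UDP 53 now falls through every rule to the chain policy, while a TCP SYN to port 53 is still caught by the `0:1023 -y` REJECT rule unless an explicit ACCEPT precedes it. The defaults (`eth0`, source port 1024) and the `POLICY` label for fall-through are assumptions; the thread does not show the chain's default policy.

```python
# Constructed sample: the rules quoted in the thread, in their original order.
RULES = """\
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:52 -j REJECT
-A input -p udp -s 0/0 -d 0/0 54:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
"""
OPTS = {"-p": "proto", "-i": "iface", "-j": "target"}

def parse(text):
    """Parse ipchains-save style lines; -s/-d take an address (assumed 0/0) and optional port."""
    rules = []
    for line in text.splitlines():
        tok, i = line.split(), 0
        r = {"proto": None, "iface": None, "syn": False,
             "sport": (0, 65535), "dport": (0, 65535), "target": None}
        while i < len(tok):
            t = tok[i]
            if t in ("-s", "-d"):
                if i + 2 < len(tok) and not tok[i + 2].startswith("-"):
                    lo, _, hi = tok[i + 2].partition(":")
                    r["sport" if t == "-s" else "dport"] = (int(lo), int(hi or lo))
                    i += 1  # skip the port token
                i += 1  # skip the address token
            elif t in OPTS:
                r[OPTS[t]] = tok[i + 1]
                i += 1
            elif t == "-y":  # match only TCP connection-opening SYN packets
                r["syn"] = True
            i += 1
        rules.append(r)
    return rules

def verdict(rules, proto, dport, sport=1024, iface="eth0", syn=False):
    """Target of the first matching rule, or 'POLICY' if none matches."""
    for r in rules:
        if (r["proto"] in (None, proto) and r["iface"] in (None, iface)
                and (not r["syn"] or (proto == "tcp" and syn))
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]):
            return r["target"]
    return "POLICY"
```

With a constructed rule `-A input -p tcp -s 0/0 -d 0/0 53 -j ACCEPT` placed ahead of the others, `verdict(parse(...), "tcp", 53, syn=True)` returns `ACCEPT` while other low TCP ports are still rejected.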
