* Torrin (torrin@torrin.dyndns.org) [021215 19:21]: > Nicolas Boullis wrote: > > * Torrin (torrin@torrin.dyndns.org): > > > iptables -A INPUT -i eth0 -j ACCEPT -p TCP -s 0.0.0.0/0 --source-port > > > domain #53 > > > iptables -A INPUT -i eth0 -j ACCEPT -p UDP -s 0.0.0.0/0 --source-port > > > domain #53 > >"Hey! I'm a nice port, let me in!". > > > >Oops. > > You're right, I should probably change that to be the address of the DNS > server. I'll also add connection tracking in my iptables script. Is > there anything I can do in my ipchains script? You don't need these rules at all, if you're allowing state ESTABLISHED,RELATED packets. The packets coming from your nameservers (in response to your DNS requests) will be allowed via connection tracking. The above rules would be used in the case when you want to allow incoming connections, which you probably don't need to accept from your nameserver. good times, Vineet -- http://www.doorstop.net/ -- "Computer Science is no more about computers than astronomy is about telescopes." -- E.W. Dijkstra
Attachment:
pgpeG5Fi6Uco3.pgp
Description: PGP signature