
Re: iptables and domain services...



On Thu, Apr 19, 2001 at 03:59:14PM -0400, Jason Healy wrote:
> Or, if you don't feel like opening all 64,000+ of those ports, try a rule
> like:
> 
> iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> 
> 
> Since DNS requests will appear to come from port 53 (domain), this rule lets
> all such responses in.  For added sanity you could ensure that the
> destination port is above 1024.

Huh?  That is completely untrue.  If that was the case then any program
that wished to lookup hosts in the DNS would need to be run as root
(ordinary users don't have access to port 53, remember).

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
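An added example, not part of the thread: a small Python model of how the quoted `--source-port domain` rule, the "destination port above 1024" variant, and a connection-tracking rule (`-m state --state ESTABLISHED`, spelled `-m conntrack --ctstate ESTABLISHED` in current iptables) each judge inbound UDP datagrams. All addresses, ports and packet contents are constructed, and nothing here invokes iptables. A stub resolver sends its query from an unprivileged ephemeral port to the server's port 53, so the genuine reply arrives with source port 53 and the ephemeral port as destination; the model shows that a source-port-only match also admits any datagram from any host that merely sets its source port to 53, whereas the stateful match admits only the exact reverse of a flow the host itself opened.

```python
"""Model of how three iptables INPUT policies treat inbound UDP datagrams.

Added example, not code from the original thread. It simulates, in plain
Python, the source-port rule quoted in the thread, the same rule restricted
to high destination ports, and a stateful rule that accepts only replies to
queries this host sent. Addresses and ports below are constructed.
"""
from dataclasses import dataclass

DNS_PORT = 53

# Rules as they would be written, for reference only (iptables is not run).
SOURCE_PORT_RULE = "iptables -A INPUT -p udp --source-port domain -j ACCEPT"
HIGHPORT_RULE = ("iptables -A INPUT -p udp --source-port domain "
                 "--destination-port 1025:65535 -j ACCEPT")
STATEFUL_RULE = "iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def accept_by_source_port(pkt):
    """The quoted rule: any inbound UDP datagram with source port 53 is
    accepted, whoever sent it and whatever local port it is addressed to."""
    return pkt.src_port == DNS_PORT


def accept_by_source_port_highport(pkt):
    """The 'added sanity' variant: source port 53 and destination port above
    1024. It shields privileged services but not the ephemeral port range."""
    return pkt.src_port == DNS_PORT and pkt.dst_port > 1024


class ConnTracker:
    """Minimal stand-in for netfilter connection tracking of UDP 'flows'.

    An outbound datagram records its 4-tuple; an inbound datagram counts as
    ESTABLISHED only if it is the exact reverse of a recorded tuple.
    """

    def __init__(self):
        self._flows = set()

    def note_outbound(self, pkt):
        self._flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def is_established(self, pkt):
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self._flows


def run_scenario():
    """Evaluate three constructed inbound datagrams under each policy and
    return {packet_name: {policy_name: accepted}}."""
    tracker = ConnTracker()
    host, resolver, stranger = "192.0.2.10", "192.0.2.53", "198.51.100.7"

    # The host's stub resolver queries from an unprivileged ephemeral port;
    # no root privilege is involved because the client never binds port 53.
    query = Packet(host, 40123, resolver, DNS_PORT)
    tracker.note_outbound(query)

    cases = {
        # The resolver's answer: ports swapped, so source port is 53.
        "reply": Packet(resolver, DNS_PORT, host, 40123),
        # Unsolicited datagram from another host that simply uses source port 53.
        "unsolicited": Packet(stranger, DNS_PORT, host, 40123),
        # Source port 53 aimed at an unrelated privileged local UDP port (SNMP).
        "to_other_service": Packet(stranger, DNS_PORT, host, 161),
    }

    return {
        name: {
            "source_port_rule": accept_by_source_port(pkt),
            "source_port_highport_rule": accept_by_source_port_highport(pkt),
            "stateful_rule": tracker.is_established(pkt),
        }
        for name, pkt in cases.items()
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, verdicts)
```

Only the stateful policy distinguishes the genuine reply from the two unsolicited datagrams; the high-port variant blocks the one aimed at a privileged service but still admits anything sent to the ephemeral range. Real connection tracking also ages UDP entries out after a timeout, which the model omits.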


