
Re: iptables and domain services...




A long time ago, in a galaxy far, far away, someone said...

> I am trying to set up a firewall on my server and am having trouble
> with one of my iptables rules.
>
> I can set up all the rules that I like, but I can't seem to get this
> one to work:
>
> # iptables -A INPUT -p udp --dport 53 -j ACCEPT
> (or the OUTPUT equivalent)

So you're running a DNS server?

> When I add this to my INPUT chain, and I type: "iptables -L"  It waits
> for 10 - 15 seconds to display the first rule, then 10 - 15 seconds
> for the second rule...etc etc etc.  I have a LOT of rules.
>
> When I add this to my OUTPUT (and only the OUTPUT) chain, when I type:
> "iptables -L"  it displays all my INPUT, and FORWARD rules instantly,
> but then pauses on the first OUTPUT rule like it does on the INPUT
> chain.

iptables is just trying to resolve the IP numbers in your rules.
"iptables -L -n" will change that.

> I have no trouble if I set the policy of the chain in question to
> ACCEPT.
>
> Am I missing something?  I NEED to let domain into my box.  What am I
> doing wrong?

If the policy on the INPUT chain is "DROP" or "REJECT", try making this the
first rule in your INPUT chain:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You should run

iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

if you don't clear your INPUT chain first.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
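Added example, not part of this message or of iptables itself: a small Python model of the INPUT chain that shows why the poster's "--dport 53" rule lets queries reach a DNS server on the box but never matches the replies to the host's own reverse lookups (the ones "iptables -L" makes), while an ESTABLISHED,RELATED rule placed first does. The addresses, ports and the conntrack behaviour are constructed assumptions for the model.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")  # packet as the filter sees it

class InputChain:
    """Toy INPUT chain: default policy, ordered (match, target) rules and a
    conntrack table of flows the host has already sent out."""
    def __init__(self, policy="DROP"):
        self.policy, self.rules, self.conntrack = policy, [], set()
    def append(self, match, target="ACCEPT"):  # like: iptables -A INPUT ...
        self.rules.append((match, target))
    def insert(self, match, target="ACCEPT"):  # like: iptables -I INPUT 1 ...
        self.rules.insert(0, (match, target))
    def note_outgoing(self, pkt):
        # conntrack records the flow when the query leaves through OUTPUT
        self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
    def verdict(self, pkt):
        for match, target in self.rules:  # first matching rule wins
            if match(self, pkt):
                return target
        return self.policy  # no rule matched: chain policy applies

def udp_dport(port):  # -p udp --dport <port>
    return lambda chain, pkt: pkt.proto == "udp" and pkt.dport == port

def established(chain, pkt):  # -m state --state ESTABLISHED,RELATED
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in chain.conntrack

HOST, RESOLVER = "192.0.2.10", "192.0.2.53"  # constructed sample addresses

def posters_chain():  # only: iptables -A INPUT -p udp --dport 53 -j ACCEPT
    chain = InputChain("DROP")
    chain.append(udp_dport(53))
    return chain

def fixed_chain():  # plus: iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    chain = posters_chain()
    chain.insert(established)
    return chain

def reply_verdict(chain):
    """Verdict on the answer to one reverse lookup made by 'iptables -L': the
    query leaves sport 40123 -> dport 53, the reply returns sport 53 -> dport 40123."""
    query = Packet("udp", HOST, 40123, RESOLVER, 53)
    chain.note_outgoing(query)
    return chain.verdict(Packet("udp", RESOLVER, 53, HOST, 40123))

def inbound_query_verdict(chain):  # a client asking a DNS server on this host
    return chain.verdict(Packet("udp", "198.51.100.7", 51000, HOST, 53))
```

With only the poster's rule every reply is dropped, so each name lookup waits for the resolver timeout before the next rule is printed; "iptables -L -n" avoids the lookups altogether.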