
Re: iptables and domain services...




A long time ago, in a galaxy far, far away, someone said...

> > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
>
> Huh?  That is completely untrue.  If that was the case then any program
> that wished to lookup hosts in the DNS would need to be run as root
> (ordinary users don't have access to port 53, remember).

Perfectly true.  With DNS, the query goes to port 53; the response comes
from port 53 on that same DNS server.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
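
An added example, not part of the original message: a small Python model of the exchange described above (query from an unprivileged ephemeral port to port 53, reply from port 53) and of what the quoted `--source-port domain` rule matches, beside a connection-tracking check. The addresses (documentation ranges), port numbers, and all function and class names are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses are from documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport")
HOST, RESOLVER, OTHER = "192.0.2.10", "192.0.2.53", "198.51.100.7"


def stateless_sport53(pkt):
    """Model of: iptables -A INPUT -p UDP --source-port domain -j ACCEPT
    The rule looks only at the source port of the inbound datagram."""
    return pkt.sport == 53


class StatefulFilter:
    """Model of a connection-tracking rule, e.g.
    iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
    Inbound UDP is accepted only as the reply to a query this host sent."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Remember the 4-tuple of every query that leaves the host.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # A reply is the recorded 4-tuple with source and destination swapped.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def evaluate():
    """Return {name: (stateless verdict, stateful verdict)} for two datagrams."""
    # The client needs no privileged port: it sends from an ephemeral one.
    query = Packet(HOST, 40321, RESOLVER, 53)
    # The answer comes back from port 53 on the same server.
    reply = Packet(RESOLVER, 53, HOST, 40321)
    # Source port 53 as well, but no query from this host preceded it.
    unrelated = Packet(OTHER, 53, HOST, 5000)

    fw = StatefulFilter()
    fw.outbound(query)
    samples = [("reply", reply), ("unrelated", unrelated)]
    return {name: (stateless_sport53(p), fw.inbound(p)) for name, p in samples}


if __name__ == "__main__":
    for name, (stateless, stateful) in evaluate().items():
        print(f"{name:10s} stateless={stateless} stateful={stateful}")
```

Both checks accept the resolver's reply; only the source-port rule also accepts the datagram that answers no query.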


