Re: How do I configure iptables to allow DNS lookups?
On Wed, Aug 06, 2003 at 10:23:59PM -0500, Jeremy Gaddis wrote:
> iptables -A INPUT -p udp -s <ip of first forwarder> --sport 53 --dport 53
> -i <interface> -j ACCEPT
> iptables -A INPUT -p udp -s <ip of second forwarder> --sport 53 --dport 53
> -i <interface> -j ACCEPT
>
> and maybe a matching set with "-p tcp".
You shouldn't need the tcp, but you should s/INPUT/FORWARD since we're
talking about firewalling.
Input goes to (but not through) a host
Output comes from a host
Forward goes through (but not to) a host
Or, for a mnemonic, think beer, urine and sauerkraut for the three
rules, respectively, and yourself as the host.
-- 
.''`. Paul Johnson <baloo@ursine.ca>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than fix a system
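The chain choice discussed above, as an added example that is not part of the original thread: a small sh function that prints (and does not apply) the DNS reply rules for either case. The function name, the "host"/"router" role labels, eth0 and the 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Prints iptables commands; applies nothing.
# Hypothetical roles:
#   host   - this box itself sends the DNS queries, so replies arrive on INPUT
#   router - machines behind this box send them, so replies pass through FORWARD

dns_reply_rules() {
    role=$1
    iface=$2
    shift 2

    case $role in
        host)   chain=INPUT ;;
        router) chain=FORWARD ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac

    for fwd in "$@"; do
        # Accept only digits and dots, so nothing unexpected ends up in a
        # command line that may later be piped to a shell.
        case $fwd in
            ''|*[!0-9.]*) echo "not an IPv4 address: $fwd" >&2; return 1 ;;
        esac
        # -p udp precedes --sport/--dport so the udp match options are known.
        # --dport 53 mirrors the quoted rule; it assumes the resolver sends
        # its queries from source port 53.
        printf 'iptables -A %s -i %s -p udp -s %s --sport 53 --dport 53 -j ACCEPT\n' \
            "$chain" "$iface" "$fwd"
    done
}

# Constructed sample input: two forwarders reached through eth0 on a firewall.
dns_reply_rules router eth0 192.0.2.1 192.0.2.2
```

Review the printed rules before applying them; piping the output to sh as root would add them to the running ruleset.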