What are you trying to accomplish?

Allow clients internally to query your DNS server?
Allow your DNS server to query root servers and forwarders?
Allow external people to query your DNS server?
Allow updates to slave zones on your DNS server from external DNS servers?

You should create specific rules for these situations rather than generic 
rules.

Ray

On Thursday 06 June 2002 15:31, Francois Peyron wrote:
> Hi,
>
> I think you have to add the same line for the tcp protocol, I can't
> remember why: I think some requests are made with udp while others with
> tcp.
>
> iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
>
> hope this will help,
>
> Francois
> ----- Original Message -----
> From: "Corin Langosch" <[EMAIL PROTECTED]>
> To: "IP-Tables Maillingliste" <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 3:22 PM
> Subject: dns server
>
> > Hi,
> >
> > I'm running a dns server here and I'm not sure if the following rule is
> > enough to allow dns queries from everywhere:
> >
> > $IPTABLES -A INPUT -p udp --destination-port 53 -j ACCEPT
> >
> > All other packets are rejected or dropped.
> >
> > Thanks,
> > Corin

-- 
----------------------------------------

Ray Leach (Technical Network Specialist)

Knowledge Factory

www: http://www.knowledgefactory.co.za

Tel: +27-11-445-8100 Direct: 445-8263

Fax: +27-11-445-8101

"No matter where you go, there you are."

----------------------------------------
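
The four situations listed at the top of this message, written as separate rule sets (an added example, not part of the original thread). The function names, scenario names and addresses are constructed for illustration; the script prints the rules instead of applying them unless IPTABLES is set to the real binary.

```shell
# Dry run by default: each rule is printed, not applied. Set IPTABLES=iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"
LAN="${LAN:-192.168.0.0/24}"     # constructed: internal client network
MASTER="${MASTER:-192.0.2.53}"   # constructed: external master of our slave zones
CT="-m conntrack --ctstate"

# Inbound queries from network $1; replies leave only on tracked connections.
serve() {
    for p in udp tcp; do
        $IPTABLES -A INPUT  -p $p -s "$1" --dport 53 $CT NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -p $p -d "$1" --sport 53 $CT ESTABLISHED -j ACCEPT
    done
}

# Outbound queries to host/network $1 over protocols $2; replies come back tracked.
ask() {
    for p in $2; do
        $IPTABLES -A OUTPUT -p $p -d "$1" --dport 53 $CT NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A INPUT  -p $p -s "$1" --sport 53 $CT ESTABLISHED -j ACCEPT
    done
}

dns_rules() {   # $@ = scenarios to enable
    for s in "$@"; do
        case "$s" in
            internal)  serve "$LAN" ;;              # LAN clients query us
            recursion) ask 0.0.0.0/0 "udp tcp" ;;   # we query roots; narrow to forwarders if fixed
            public)    serve 0.0.0.0/0 ;;           # anyone may query us
            slave)     # NOTIFY arrives from the master over UDP; we pull the zone ourselves
                $IPTABLES -A INPUT  -p udp -s "$MASTER" --dport 53 $CT NEW,ESTABLISHED -j ACCEPT
                $IPTABLES -A OUTPUT -p udp -d "$MASTER" --sport 53 $CT ESTABLISHED -j ACCEPT
                ask "$MASTER" "udp tcp" ;;          # SOA check (UDP), AXFR/IXFR (TCP)
            *) echo "unknown scenario: $s" >&2; return 1 ;;
        esac
    done
}

# Example: an internal resolver that is also a slave for externally mastered zones.
dns_rules internal recursion slave
```

The `slave` scenario opens no inbound TCP port 53 at all, which a blanket `--destination-port 53 -j ACCEPT` rule would.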
