I don't think that's true.  The rules are processed in order, 
so in the DNS case, the line with:

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT

would have been used (since it was higher up on the table), 
iptables would have stopped checking other rules, and 
the last line wouldn't have been reached.

In this case, I think it was the 2nd last line that was causing 
the problems since DNS needs TCP as well as UDP.

---- Aside ----

If you aren't sure what's going on with your rules, I find the 
logging feature of iptables very useful.  I put a line like:

-A RH-Lokkit-0-50-INPUT -j LOG --log-level info --log-prefix "Here.  Darn!"

after a rule that I think should handle the scenario.  Then I reload 
the rules, try the operation again, and look in the log files to make
sure the log doesn't contain the "Here.  Darn!" message.  If the
message is there, the rules aren't working as I expect.

---- edisA ----

David

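To make the ordering argument above concrete, here is an added simulation (not code from the list thread or from iptables itself) that walks the Lokkit chain rules quoted in this thread in table order, treating LOG as a non-terminating target the way iptables does. The packets, the fallback verdict and the log-line format are constructed assumptions.

```python
import shlex

# Chain quoted in the thread (RH-Lokkit-0-50-INPUT), in table order, with the
# LOG probe placed right after the rule expected to handle DNS over UDP.
RULES = """
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -j LOG --log-level info --log-prefix "Here.  Darn!"
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""

def parse_rule(line):
    """Parse the small subset of iptables-save syntax used in the thread."""
    toks = shlex.split(line)
    rule = {"proto": None, "dport": None, "syn": False,
            "target": None, "log_prefix": ""}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-p", "-m", "--dport", "-j", "--log-level", "--log-prefix"):
            val = toks[i + 1]
            if t == "-p": rule["proto"] = val
            elif t == "--dport": rule["dport"] = int(val)
            elif t == "-j": rule["target"] = val
            elif t == "--log-prefix": rule["log_prefix"] = val
            i += 2                       # -A, -m, --log-level: value not needed here
        elif t == "--syn":
            rule["syn"] = True; i += 1   # TCP SYN without ACK, i.e. a new connection
        else:
            raise ValueError(f"unsupported token {t!r}")
    return rule

def load_rules(text=RULES):
    return [parse_rule(l) for l in text.strip().splitlines()]

def matches(rule, pkt):
    if rule["proto"] and rule["proto"] != pkt["proto"]: return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]: return False
    if rule["syn"] and not pkt.get("syn"): return False
    return True

def walk_chain(rules, pkt, fallback="ACCEPT"):
    """First terminating match decides; LOG records and falls through.
    Returns (verdict, constructed log lines). 'fallback' is an assumption:
    in a real user chain control would return to INPUT instead."""
    logs = []
    for r in rules:
        if not matches(r, pkt):
            continue
        if r["target"] == "LOG":
            logs.append(f"{r['log_prefix']}PROTO={pkt['proto'].upper()} DPT={pkt['dport']}")
            continue
        return r["target"], logs
    return fallback, logs
```

A UDP query to port 53 is accepted before the LOG line is reached, so nothing is logged; a TCP SYN to port 53 passes the LOG probe and is then rejected by the `--syn` rule, which is the failure David describes.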
--__--__--

Message: 26
From: Jason Staudenmayer <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: iptables causing problem with named? (fixed)
Date: Wed, 16 Jul 2003 14:41:05 -0400
Reply-To: [EMAIL PROTECTED]

Oh, I didn't see that last one that's set to drop ALL UDP packets on all
interfaces; that would cause problems with DNS since it uses UDP.

-----Original Message-----
From: Scott Antonivich [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 16, 2003 2:40 PM
To: [EMAIL PROTECTED]
Subject: RE: iptables causing problem with named? (fixed)


Basically, I removed

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT

It seemed to have fixed it.

Scott 


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list