<quote who="Alexander Samad">
> On Mon, Oct 11, 2004 at 12:49:07PM +1000, Voytek wrote:
>>
>> <quote who="Alexander Samad">
>> > On Mon, Oct 11, 2004 at 12:11:14PM +1000, Voytek wrote:
>> thanks, Alex
>>
>> I thought DNS only needed udp..
>>
>> I guess with a '-y' option ?
> presuming you are using conntrack and the RELATED,ESTABLISHED at the top
> of the chain

Alex, not sure what that means..

all my 'tcp' lines have that option, so, I guess it needs it ?

/etc/sysconfig/ipchains

:input ACCEPT
:forward ACCEPT
:output ACCEPT
# entered port 53 udp 11/10/2004
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
#-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
....

Voytek
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html