I have the following rules for DNS (BIND 9 running as a caching server).
Are the following correct?
Comments please.
#
# DNS Name Server TCP 53/UDP 53
#
# The resolver itself (bind) sending queries to the upstream name server
$IPTABLES -A OUTPUT -o $INTERNET -p udp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
if [ "$DNS_CACHE" = "1" ]; then
# DNS CACHE LAN clients to private server (53)
$IPTABLES -A INPUT -i $LAN -p udp \
--sport $UNPRIVPORTS \
-d $LAN_ADDR --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $LAN -p tcp \
--sport $UNPRIVPORTS \
-d $LAN_ADDR --dport 53 \
-m state --state NEW -j ACCEPT
else
# No local cache: LAN clients are forwarded to the upstream name server
$IPTABLES -A FORWARD -o $INTERNET -p udp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNET -p tcp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
fi
Also, will the following rule log all port 53 packets (from the internet
interface)?
# Log TCP packets for local port 53 arriving on the internet interface
$IPTABLES -A INPUT -i $INTERNET -p tcp -d $INTERNET_IPADDR --dport 53 -j LOG
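The rule set from the post, reworked as an added example (not the poster's script) into a dry-run generator that emits one rule per protocol for each path, plus the state rule the replies need and a rate-limited log rule that covers both UDP and TCP on the internet side; the interface names, addresses and port range are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the poster's script: generate the DNS rule set for a
# BIND 9 caching resolver. IPTABLES defaults to "echo" so the commands are
# printed instead of applied; run with IPTABLES=iptables to apply them.
IPTABLES="${IPTABLES:-echo}"

# Constructed placeholder values; replace with the real interfaces/addresses.
INTERNET="${INTERNET:-eth0}"
LAN="${LAN:-eth1}"
LAN_ADDR="${LAN_ADDR:-192.168.1.1}"
INTERNET_IPADDR="${INTERNET_IPADDR:-198.51.100.10}"
NAMESERVER="${NAMESERVER:-198.51.100.53}"
UNPRIVPORTS="${UNPRIVPORTS:-1024:65535}"
DNS_CACHE="${DNS_CACHE:-1}"

# dns_rule CHAIN PROTO IFACE_FLAG IFACE DST: one NEW-state accept rule for
# one protocol; called for both udp and tcp so the two never drift apart.
dns_rule() {
    "$IPTABLES" -A "$1" "$3" "$4" -p "$2" --sport "$UNPRIVPORTS" \
        -d "$5" --dport 53 -m state --state NEW -j ACCEPT
}

dns_rules() {
    # The resolver itself querying its upstream server on the internet.
    for proto in udp tcp; do
        dns_rule OUTPUT "$proto" -o "$INTERNET" "$NAMESERVER"
    done
    if [ "$DNS_CACHE" = "1" ]; then
        # LAN clients query the local cache.
        for proto in udp tcp; do
            dns_rule INPUT "$proto" -i "$LAN" "$LAN_ADDR"
        done
    else
        # No local cache: LAN clients are forwarded to the upstream server.
        for proto in udp tcp; do
            dns_rule FORWARD "$proto" -o "$INTERNET" "$NAMESERVER"
        done
    fi
    # Replies to the NEW rules above are matched by this state rule.
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Log port 53 traffic from the internet side for both protocols;
    # the limit match stops a query flood from filling the log.
    for proto in udp tcp; do
        "$IPTABLES" -A INPUT -i "$INTERNET" -p "$proto" -d "$INTERNET_IPADDR" \
            --dport 53 -m limit --limit 5/min --limit-burst 10 \
            -j LOG --log-prefix "dns53-$proto: "
    done
}
dns_rules
```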