Comments on: Linux Iptables block or open DNS / bind service port 53

By: Tricky

Tricky — Wed, 03 Nov 2010 06:37:49 +0000

For pure and simple DNS client (not hosting DNS server and so on), I scripted it as follows:
for dnsserverip in `grep nameserver /etc/resolv.conf | sed 's/.* //'` ; do /usr/sbin/iptables -A INPUT -p udp --dport 53 -s $dnsserverip -m state --state NEW -j ACCEPT /usr/sbin/iptables -A INPUT -p tcp --dport 53 -s $dnsserverip -m state --state NEW -j ACCEPT done

I also have separate lines in my generic iptables script globally allowing “ESTABLISHED,RELATED”, negating the need for adding these parameters elsewhere.

By: Crisu

Crisu — Thu, 04 Feb 2010 17:44:58 +0000

Hi guys, don’t know it is right place to post it but i’d like to ask does any of you know how to change that port 53 to port 25. Our profesors in scool gave us something like this to solve.

By: sims

sims — Fri, 03 Apr 2009 15:06:01 +0000

Also say your running a name server and you need to communicate with any name servers:

IPADDR=xxx.xxx.xxx.xxx UNPRIVPORTS="1024:65535" iptables -A OUTPUT -p udp -s $IPADDR --sport $UNPRIVPORTS -d 0/0 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp -s 0/0 --sport 53 -d $IPADDR --dport $UNPRIVPORTS -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s $IPADDR --sport $UNPRIVPORTS -d 0/0 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 53 -d $IPADDR --dport $UNPRIVPORTS -m state --state ESTABLISHED -j ACCEPT

By: sims

sims — Fri, 03 Apr 2009 14:27:44 +0000

Hey buddy,

check out this line in your how to:

iptables -A OUTPUT-p

Poor copy and pasters