>
> Just have rules for udp and tcp that allow connections in and out on ports
> 53
>
> eg. (for udp)
>
> # Allow internal clients to access this DNS box
> iptables -A INPUT -p udp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
>
> # Allow this box to ask ROOT servers...
> iptables -A INPUT -p udp --sport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
>
> add similar ones for tcp.
Similar ones for TCP? You mean if I bind the port of my telnet client to
port 53, then I can have a free ride on your firewall?
Ramin
>
> Cheers
> Nigel
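
Added example, not part of the thread or of either poster's configuration: the quoted rule set rewritten so that a source port of 53 is accepted only on flows the connection tracker has already seen, which is the gap the reply points out. It assumes the `conntrack` match is available and a default-DROP policy is already in place; the function names `dns_rules_for` and `dns_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: connection-tracked DNS rules for a DNS server host.
# Assumption: INPUT and OUTPUT policies are already DROP.
# The rules are printed, not executed, so they can be reviewed first
# and then applied as root with:  dns_rules | sh

# Print the four rules for one protocol (udp or tcp).
dns_rules_for() {
    proto=$1
    case "$proto" in
        udp|tcp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac

    # Queries from clients to this DNS box: matched on destination port.
    echo "iptables -A INPUT -p $proto --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Answers from this box: only on flows a client already opened.
    echo "iptables -A OUTPUT -p $proto --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT"

    # Queries from this box to root/upstream servers.
    echo "iptables -A OUTPUT -p $proto --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Answers to those queries: source port 53 alone is not enough,
    # the packet must belong to a flow this box started.
    echo "iptables -A INPUT -p $proto --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print the full rule set for both protocols.
dns_rules() {
    dns_rules_for udp && dns_rules_for tcp
}
```

With these rules a new inbound TCP or UDP packet whose source port is 53 but whose destination is some other service matches nothing and falls through to the DROP policy.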