
Allow tinydns service through iptables firewall

If you use iptables and want to allow the tinydns service to answer iterative (non-recursive) queries, add the rules below. tinydns speaks UDP only; TCP port 53 (answers too large for UDP, zone transfers) is served by axfrdns and is not opened by these rules.

Note: tinydns serves from 192.168.1.10 here; change the address to match your server. The INPUT positions (7 and 8 here) depend on your existing rule order: the new rules must be inserted before the chain's final REJECT, otherwise they never match.

Queries from resolvers using unprivileged source ports (the usual case), and the replies to them:

# iptables -I INPUT 7 -p udp -s 0/0 --sport 1024:65535 -d 192.168.1.10 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# iptables -A OUTPUT -p udp -s 192.168.1.10 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Queries from older resolvers that send from source port 53 itself, and the replies to them:

# iptables -I INPUT 8 -p udp -s 0/0 --sport 53 -d 192.168.1.10 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# iptables -A OUTPUT -p udp -s 192.168.1.10 --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT

The OUTPUT rules only matter if your OUTPUT chain policy is DROP; with the default ACCEPT policy shown below they are harmless but redundant.

# service iptables save

service iptables save is the RHEL/CentOS init-script way of writing the running rules to /etc/sysconfig/iptables; on other distributions use iptables-save and that distribution's own persistence mechanism.

After saving the rules, iptables --list should show a list like this (add -n --line-numbers to see numeric addresses and the rule positions that -I refers to):

# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:vnc-server
ACCEPT udp -- anywhere anywhere state NEW udp dpt:vnc-server
ACCEPT udp -- anywhere 192.168.1.10 udp spts:1024:65535 dpt:domain state NEW,ESTABLISHED
ACCEPT udp -- anywhere 192.168.1.10 udp spt:domain dpt:domain state NEW,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 192.168.1.10 anywhere udp spt:domain dpts:1024:65535 state ESTABLISHED
ACCEPT udp -- 192.168.1.10 anywhere udp spt:domain dpt:domain state ESTABLISHED
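The rules above hard-code the INPUT position and will be duplicated if the commands are run twice. The following script is an added example, not part of the original post: it installs the same four rules, but finds the INPUT chain's catch-all REJECT itself and inserts in front of it, and skips any rule that already exists (iptables -C, available since iptables 1.4.11). The variable names TINYDNS_IP, IPT and TINYDNS_APPLY are this script's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): install the tinydns UDP/53 rules
# idempotently. Instead of "-I INPUT 7", locate the INPUT chain's catch-all
# REJECT and insert in front of it; rules that already exist are skipped.
# TINYDNS_IP, IPT and TINYDNS_APPLY are names assumed for this script.
set -eu

TINYDNS_IP="${TINYDNS_IP:-192.168.1.10}"   # address tinydns listens on
IPT="${IPT:-iptables}"                      # iptables command (overridable)

# Read the output of `iptables -L INPUT -n --line-numbers` on stdin and print
# the position of the first catch-all REJECT (any source, any destination);
# print 0 when the chain has none, in which case rules are appended instead.
reject_pos() {
    awk '$2 == "REJECT" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; found = 1; exit }
         END { if (!found) print 0 }'
}

input_reject_pos() {
    "$IPT" -L INPUT -n --line-numbers | reject_pos
}

# ensure_rule CHAIN POS RULE...: add RULE at position POS (append when POS is 0)
# unless an identical rule is already present, so re-running the script is safe.
ensure_rule() {
    chain=$1; pos=$2; shift 2
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        echo "exists: $chain $*"
        return 0
    fi
    if [ "$pos" -gt 0 ]; then
        "$IPT" -I "$chain" "$pos" "$@"
    else
        "$IPT" -A "$chain" "$@"
    fi
    echo "added: $chain $*"
}

install_tinydns_rules() {
    # Queries from resolvers on unprivileged source ports, and their replies.
    # The REJECT position is re-read before each insert because it shifts
    # down by one every time a rule is placed in front of it.
    ensure_rule INPUT "$(input_reject_pos)" -p udp -d "$TINYDNS_IP" \
        --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    ensure_rule OUTPUT 0 -p udp -s "$TINYDNS_IP" \
        --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    # Older resolvers that send their queries from source port 53 itself.
    ensure_rule INPUT "$(input_reject_pos)" -p udp -d "$TINYDNS_IP" \
        --sport 53 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    ensure_rule OUTPUT 0 -p udp -s "$TINYDNS_IP" \
        --sport 53 --dport 53 -m state --state ESTABLISHED -j ACCEPT
}

# Only touch the live firewall when explicitly asked, e.g.
#   TINYDNS_IP=192.168.1.10 TINYDNS_APPLY=1 sh tinydns-iptables.sh && service iptables save
if [ "${TINYDNS_APPLY:-0}" = 1 ]; then
    install_tinydns_rules
fi
```

Run it as root with TINYDNS_APPLY=1, then persist the result with service iptables save as above. Because every rule goes through iptables -C first, the script can be kept in configuration management and re-applied on every run without growing the chain.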