Author: limk2004 Time: 2014-7-17 10:41 Title: CentOS 5 iptables problem
I want to set up iptables on a DNS server. I entered:
iptables -A OUTPUT -o eth0 -p udp -s $FW_IP --sport 1024:65535 -d any/0 --dport 53 -j ACCEPT
and got: bad argument '1024:65535'
I would like to ask how to solve this problem.
Thanks, guys.
Author: sunlite Time: 2014-7-17 17:23
Reply to 1# limk2004
The command is correct, but I guess this version of iptables has a bug. You can try using just "1024:" because without giving 65535, the default value is 65535.
Author: toylet Time: 2014-7-17 19:26
Notice: the author has been banned or deleted; the content is automatically hidden.
Author: limk2004 Time: 2014-7-18 14:40
This post was last edited by limk2004 on 2014-7-18 15:04
The DNS server's iptables settings are as follows. I would like to ask whether there is anything wrong with these settings? Thanks, guys.

Author: sunlite Time: 2014-7-18 16:22
A DNS server listens on port 53, so the INPUT rules should be
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
To allow DNS queries to other DNS servers:
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
However, your OUTPUT policy is ACCEPT so either you change it to DROP (check carefully before doing so) or the last two output rules are not needed as the packet will be accepted at the end of the output table anyway.
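Added example (not code from the thread): a script that builds a complete iptables-restore ruleset for a DNS server along the lines of the rules above, covering two points the thread leaves implicit. First, the exact message in the opening post, "Bad argument `1024:65535'", is what iptables prints when a bare word reaches it where an option was expected; the usual way that happens with the quoted command is an empty, unquoted $FW_IP, which makes the shell collapse "-s $FW_IP --sport 1024:65535" into "-s --sport 1024:65535", so the script refuses to build rules from an empty or non-IPv4 address. Second, if the OUTPUT policy is changed to DROP as suggested, the server's own replies to client queries and the answers to its upstream queries also need a state rule, or DNS stops working. The address 192.0.2.53 and interface eth0 are assumed sample values; the script only prints the ruleset and does not touch the running firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Emits (does not apply) an
# iptables-restore ruleset for a CentOS 5 era DNS server.
# Assumed values: 192.0.2.53 as the server's own address, eth0 as its NIC.

# Guard against the pitfall behind "Bad argument `1024:65535'": with FW_IP
# empty, the unquoted "-s $FW_IP --sport 1024:65535" becomes
# "-s --sport 1024:65535", so iptables takes --sport as the address and
# sees 1024:65535 as a stray word. Returns 1 unless $1 is a dotted quad.
require_ip() {
    if [ -z "$1" ]; then
        echo "refusing to build rules: FW_IP is empty" >&2
        return 1
    fi
    case "$1" in
        *[!0-9.]*)
            echo "refusing to build rules: '$1' is not an IPv4 address" >&2
            return 1 ;;
    esac
    return 0
}

# Print the ruleset to stdout. $1 = server address, $2 = interface (eth0).
dns_ruleset() {
    fw_ip=$1
    iface=${2:-eth0}
    require_ip "$fw_ip" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback plus already-tracked traffic: with a DROP OUTPUT policy this is
# what lets the server's replies out and upstream answers back in
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# clients querying this server, pinned to its own address
-A INPUT -i $iface -p udp -d $fw_ip --dport 53 -j ACCEPT
-A INPUT -i $iface -p tcp -d $fw_ip --dport 53 -j ACCEPT
# this server querying other DNS servers
-A OUTPUT -o $iface -p udp -s $fw_ip --sport 1024:65535 --dport 53 -j ACCEPT
-A OUTPUT -o $iface -p tcp -s $fw_ip --sport 1024:65535 --dport 53 -j ACCEPT
COMMIT
EOF
}

# Usage: review the output, save it, then load it with: iptables-restore < rules.txt
dns_ruleset "${FW_IP:-192.0.2.53}" "${IFACE:-eth0}"
```

The ruleset is written for iptables-restore rather than as a series of iptables commands so that the whole policy is loaded atomically and an error in one line leaves the previous ruleset in place; lines starting with "#" are ignored by iptables-restore.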

