[操作疑難] centos 5 iptables 問題

limk2004

想在dns server  set  iptables 輸入
iptables -A OUTPUT -o eth0 -p udp -s $FW_IP --sport 1024:65535 -d any/0 --dport 53 -j ACCEPT

出現 bad argument '1024:65535'
我想問可以點解決D個問題
唔該師兄

sunlite

回覆 1# limk2004

The command is correct but I guess the version of iptables has bug. You can try using just "1024:" because without giving 65535, the default value is 65535.

limk2004

dns server既 iptables setting如下  我想問這個setting有問題嗎?  唔該師兄

sunlite

dns server既 iptables setting如下  我想問這個setting有問題嗎?  唔該師兄
limk2004 發表於 2014-7-18 14:40

DNS server listens on port 53 so the INPUT rule should be
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT

To allow DNS query to other DNS server:
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

However, your OUTPUT policy is ACCEPT so either you change it to DROP (check carefully before doing so) or the last two output rules are not needed as the packet will be accepted at the end of the output table anyway.