[Shorewall-users] bouncing inbound dns udp packets
teastep at shorewall.net
Fri, 11 Oct 2002 06:30:26 -0700
Roy Barkas wrote:
> All of a sudden, with no change to my Shorewall config, I've started to
> see a lot of udp packets from dns servers that I use being rejected.
> In the log extract below - all of the 61.9 addresses are a family of dns
> servers and (obviously, I guess) 144.137.xx.xxx is my public interface.
> Is it possible that the state connections time out due to poor dns
That's what I've always assumed was happening. In my /etc/shorewall/common
file, I have:
run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
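
One way to check the late-reply assumption against a firewall log before silencing these packets, added here as an example and not part of the original post: it counts logged UDP packets with source port 53 per sender and separates the resolvers the host actually queries from everything else. The log lines, addresses (documentation ranges) and the RESOLVERS set are constructed for illustration; the field names are those of the netfilter LOG target.

```python
import re
from collections import Counter

FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in netfilter LOG format; not taken from the post.
SAMPLE_LOG = "\n".join([
    "Oct 11 06:12:01 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.53 "
    "DST=203.0.113.10 LEN=120 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=1031 LEN=100",
    "Oct 11 06:12:09 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.53 "
    "DST=203.0.113.10 LEN=96 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=1032 LEN=76",
    "Oct 11 06:13:40 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.54 "
    "DST=203.0.113.10 LEN=88 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=1040 LEN=68",
    "Oct 11 06:14:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 "
    "DST=203.0.113.10 LEN=540 TTL=44 ID=0 PROTO=UDP SPT=53 DPT=1900 LEN=520",
    "Oct 11 06:15:00 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.9 "
    "DST=203.0.113.10 LEN=60 TTL=50 ID=1 PROTO=TCP SPT=40000 DPT=22 SYN",
])

# Assumption: the resolvers this host is configured to query.
RESOLVERS = {"192.0.2.53", "192.0.2.54"}

def parse_fields(line):
    """Return the KEY=value pairs of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))

def classify_dns_drops(log_text, resolvers):
    """Count logged UDP sport-53 packets per source, split by whether the
    source is a resolver the host queries (likely late replies) or not."""
    expected, unexpected = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        src, dpt = f.get("SRC"), f.get("DPT", "")
        if f.get("PROTO") != "UDP" or f.get("SPT") != "53" or not src:
            continue
        # Replies to a client query arrive on an unprivileged port.
        if not dpt.isdigit() or int(dpt) < 1024:
            continue
        (expected if src in resolvers else unexpected)[src] += 1
    return expected, unexpected

if __name__ == "__main__":
    late, other = classify_dns_drops(SAMPLE_LOG, RESOLVERS)
    print("from configured resolvers:", dict(late))
    print("from other hosts:", dict(other))
```

Packets in the second group are not explained by slow resolvers, and a blanket DROP rule for source port 53 would stop them from being logged as well.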