Linux IPTables blocking DNS and open port 53
Scenario / Question:
IPTables is blocking DNS and I can not get DNS from Internet.
Solution / Answer:
iptables has to allow both directions of a DNS client's traffic: the outgoing queries (OUTPUT chain, destination port 53) and the replies that come back (INPUT chain, source port 53). DNS uses both UDP and TCP on port 53. Queries normally go over UDP; the resolver falls back to TCP when a response does not fit in a UDP datagram (traditionally 512 bytes, or the larger size negotiated with EDNS0), which the server signals by setting the TC (truncated) bit so the client retries over TCP. Zone transfers (AXFR/IXFR) always use TCP. Blocking only TCP/53 is a classic cause of DNS that "mostly works" but fails on large responses such as DNSSEC-signed records.
Accept or Allow outgoing DNS requests:
To allow outgoing DNS requests from a client system with iptables, add the following rules. They must sit above any deny-all rule in your INPUT or OUTPUT chain, because iptables evaluates a chain top to bottom and the first matching rule wins. Note that -A appends to the end of the chain: if a catch-all DROP is already present, use -I CHAIN <position> (or rebuild the ruleset) rather than -A, or the new rules will never be reached. The --state matches rely on connection tracking, which follows UDP exchanges as well as TCP connections (it tracks UDP flows by address/port tuple with a timeout), so the reply to a UDP query is matched as ESTABLISHED.
# Replies coming back from the resolver (source port 53) to the client's ephemeral port
iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Queries going out from the client's ephemeral port to the resolver (destination port 53)
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
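As an added example (not part of the original page), here is a small Python audit that checks an `iptables -S` dump for exactly the ordering problem described above: for each of UDP and TCP it reports whether DNS client rules exist in INPUT and OUTPUT and whether they sit before any catch-all DROP/REJECT. The two dumps it inspects are constructed for the example; `audit_dns_client` and its helpers are this example's own names, not an iptables feature.

```python
"""Audit an `iptables -S` dump for DNS client rules that are missing or
shadowed by an earlier catch-all DROP/REJECT.  Added example; the dumps
below are constructed, not captured from a real host."""
import shlex

TERMINAL_DENY = {"DROP", "REJECT"}

# Constructed dump: the DNS rules were appended with -A *after* a catch-all
# DROP, so they are never reached (the mistake the page warns about).
BROKEN_DUMP = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
"""

# Constructed dump with the page's four rules placed ahead of the DROP.
FIXED_DUMP = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
"""

# Options that take one argument; anything else is treated as a bare flag.
ONE_ARG = {"-p", "-s", "-d", "-i", "-o", "-j", "-m", "--sport", "--dport",
           "--state", "--ctstate"}


def parse_dump(dump):
    """Return ({chain: policy}, {chain: [rule, ...]}) from `iptables -S` text."""
    policies, chains = {}, {}
    for line in dump.splitlines():
        argv = shlex.split(line)
        if not argv:
            continue
        if argv[0] == "-P":
            policies[argv[1]] = argv[2]
            continue
        if argv[0] != "-A":
            continue
        rule = {"chain": argv[1], "target": None, "matches": {}, "raw": line}
        i = 2
        while i < len(argv):
            opt = argv[i]
            val = argv[i + 1] if opt in ONE_ARG and i + 1 < len(argv) else None
            if opt == "-j":
                rule["target"] = val
            elif opt != "-m":  # "-m tcp"/"-m state" only name the extension
                rule["matches"][opt] = val
            i += 2 if opt in ONE_ARG else 1
        chains.setdefault(rule["chain"], []).append(rule)
    return policies, chains


def port_covers(spec, port):
    """True if an iptables port spec ('53' or '1024:65535') includes `port`."""
    if spec is None:
        return False
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def states(rule):
    spec = rule["matches"].get("--state") or rule["matches"].get("--ctstate")
    return set(spec.split(",")) if spec else None


def first_catch_all_deny(rules):
    """Index of the first DROP/REJECT that has no match criteria at all."""
    for idx, r in enumerate(rules):
        if r["target"] in TERMINAL_DENY and not r["matches"]:
            return idx
    return None


def allows_query(rule, proto):
    m, st = rule["matches"], states(rule)
    return (m.get("-p") == proto and port_covers(m.get("--dport"), 53)
            and (st is None or "NEW" in st))


def allows_reply(rule, proto):
    """Replies arrive from source port 53.  Conntrack marks them ESTABLISHED
    for UDP as well as TCP, so either the page's per-protocol rule or a
    generic ESTABLISHED rule covers them."""
    m, st = rule["matches"], states(rule) or set()
    if "ESTABLISHED" not in st:
        return False
    generic = all(m.get(k) is None for k in ("-p", "--sport", "--dport"))
    return generic or (m.get("-p") == proto and port_covers(m.get("--sport"), 53))


def _status(rules, policy, predicate):
    deny_at = first_catch_all_deny(rules)
    for idx, r in enumerate(rules):
        if r["target"] == "ACCEPT" and predicate(r):
            return "ok" if deny_at is None or idx < deny_at else "shadowed"
    return "ok" if deny_at is None and policy == "ACCEPT" else "missing"


def audit_dns_client(dump):
    """Map 'CHAIN/proto' -> 'ok' | 'shadowed' | 'missing' for DNS client traffic."""
    policies, chains = parse_dump(dump)
    report = {}
    for proto in ("udp", "tcp"):
        report[f"OUTPUT/{proto}"] = _status(chains.get("OUTPUT", []),
                                            policies.get("OUTPUT", "ACCEPT"),
                                            lambda r: allows_query(r, proto))
        report[f"INPUT/{proto}"] = _status(chains.get("INPUT", []),
                                           policies.get("INPUT", "ACCEPT"),
                                           lambda r: allows_reply(r, proto))
    return report


if __name__ == "__main__":
    for name, dump in (("broken", BROKEN_DUMP), ("fixed", FIXED_DUMP)):
        print(name, audit_dns_client(dump))
```

On a real host, run `iptables -S | python3 audit.py` style feeding (replace the constructed dumps with `sys.stdin.read()`); a `shadowed` result means the rule exists but is below a catch-all deny, which is exactly what `-A` produces when a DROP is already in place.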
Comment:
As far as I know, the UDP protocol is stateless, and specifying --state in a rule with -p udp does not make sense.
Correct me if I'm wrong.