I see, but it should be stateful, right?
On 12 March 2012 23:57, Mark Andrews <ma...@isc.org> wrote:

>
> In message <caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com>,
> Romgo writes:
> >
> > Here is my Iptables configuration for bind :
> >
> > # prod.dns.in
> > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0
> > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0
> >
> > # OUTPUT
> > #-------------
> > # prod.dns.out
> > $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p tcp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0
> > $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p udp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0
>
> This is obviously wrong. You want to be looking at the source port not
> the destination port for reply traffic.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
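Added example, not part of the thread: the posted rules with reply traffic matched on source port, as the quoted reply says, next to a connection-tracking variant of the kind the follow-up asks about. It assumes plain `ACCEPT` in place of the poster's `LOGACCEPT` chain and a server that both answers queries and sends its own; it only prints the rules unless `IPTABLES` is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed,
# not applied. Set IPTABLES=/sbin/iptables (assumed path) to apply them as root.
IPTABLES="${IPTABLES:-echo iptables}"
IFACE=eth1            # interface and address as given in the thread
DNS_IP=192.168.201.2

# Stateless form: each direction is matched on its own, so a reply has to be
# matched on the port it comes FROM, not the port it goes to.
dns_rules_stateless() {
    for proto in udp tcp; do
        # Clients query us: destination port 53 on the way in ...
        $IPTABLES -A INPUT  -i "$IFACE" -p "$proto" -d "$DNS_IP" --dport 53 -j ACCEPT
        # ... so our replies leave with SOURCE port 53.
        $IPTABLES -A OUTPUT -o "$IFACE" -p "$proto" -s "$DNS_IP" --sport 53 -j ACCEPT
        # We query other servers (assumed: recursion or zone transfers).
        $IPTABLES -A OUTPUT -o "$IFACE" -p "$proto" -s "$DNS_IP" --dport 53 -j ACCEPT
        # Their replies come back with SOURCE port 53. Caveat: without state,
        # this admits any packet that merely claims source port 53.
        $IPTABLES -A INPUT  -i "$IFACE" -p "$proto" -d "$DNS_IP" --sport 53 -j ACCEPT
    done
}

# Stateful form: only the first packet of each exchange is matched on port;
# replies in either direction are accepted because conntrack has seen the query.
dns_rules_stateful() {
    $IPTABLES -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for proto in udp tcp; do
        # New queries arriving at our port 53.
        $IPTABLES -A INPUT  -i "$IFACE" -p "$proto" -d "$DNS_IP" --dport 53 -m conntrack --ctstate NEW -j ACCEPT
        # New queries we send to other servers' port 53.
        $IPTABLES -A OUTPUT -o "$IFACE" -p "$proto" -s "$DNS_IP" --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Usage: sh dns-rules.sh stateless | stateful   (script name is hypothetical)
case "${1:-}" in
    stateless) dns_rules_stateless ;;
    stateful)  dns_rules_stateful ;;
esac
```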