On Mon, Mar 03, 2014 at 09:48:20AM +0800, Drunkard Zhang wrote:
> 2014-03-02 3:04 GMT+08:00 /dev/rob0 <r...@gmx.co.uk>:
snip
> > root@tp:~# iptables-save
snip
> > # Generated by iptables-save v1.4.20 on Sat Mar 1 12:42:55 2014
> > *raw
> > :PREROUTING ACCEPT [96:19019]
> > :OUTPUT ACCEPT [118:13918]
> > -A PREROUTING -p udp -m udp --dport 53 -m comment --comment "do not track outbound DNS queries on UDP" -j NOTRACK
> > -A PREROUTING -p udp -m udp --sport 53 -m comment --comment "do not track inbound DNS replies on UDP" -j NOTRACK
> > -A OUTPUT -p udp -m udp --dport 53 -m comment --comment "do not track outbound DNS queries on UDP" -j NOTRACK
> > -A OUTPUT -p udp -m udp --sport 53 -m comment --comment "do not track inbound DNS replies on UDP" -j NOTRACK
>
> The NOTRACK module is deprecated in the kernel; the equivalent usage is:
> -A PREROUTING -p udp -m udp --dport 53 -j CT --notrack
Thank you for this. IIRC you are right. Unfortunately the iptables-extensions manual does not say one way or another, but I will take your word for it, along with a vague recollection of something I once read on the Netfilter mailing list.

-- 
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
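As an added example (not part of the thread above, and not a Netfilter or ISC script), the following POSIX shell snippet mechanically applies the replacement Drunkard Zhang describes: it reads a ruleset in iptables-save format and rewrites every "-j NOTRACK" in the raw table to the equivalent "-j CT --notrack", leaving other tables untouched, and a second helper reports whether any deprecated NOTRACK rule remains. The function names migrate_notrack and check_notrack and the embedded SAMPLE ruleset are constructed for this example; the rules are modelled on the DNS rules quoted above but use shortened comments.

```sh
#!/bin/sh
# Rewrite iptables-save output so that the deprecated NOTRACK target becomes
# the equivalent "-j CT --notrack".  Only rules inside the raw table are
# rewritten, since that is where the quoted NOTRACK rules live.
migrate_notrack() {
    awk '
        /^\*/ { table = substr($0, 2) }          # remember the current table (*raw, *filter, ...)
        table == "raw" && / -j NOTRACK$/ {
            sub(/ -j NOTRACK$/, " -j CT --notrack")
        }
        { print }
    '
}

# Read a ruleset on stdin and fail (exit 1) if any deprecated NOTRACK rule is left.
check_notrack() {
    if grep -q -- '-j NOTRACK'; then
        echo "deprecated NOTRACK target still present" >&2
        return 1
    fi
    return 0
}

# Constructed sample ruleset in iptables-save format (not a real host's dump).
SAMPLE='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "outbound DNS queries" -j NOTRACK
-A OUTPUT -p udp -m udp --sport 53 -m comment --comment "inbound DNS replies" -j NOTRACK
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# Usage: pipe "iptables-save" output through migrate_notrack, then feed the
# result to iptables-restore (or to check_notrack first).  Here the constructed
# sample is migrated and printed.
printf '%s\n' "$SAMPLE" | migrate_notrack
```

Run as a filter ("iptables-save | sh -c '. ./migrate.sh; migrate_notrack'") the output is the same ruleset with the two raw-table rules changed to "-j CT --notrack" and the filter-table ACCEPT rule unchanged; check_notrack gives a non-zero exit code on the original dump and zero on the migrated one.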