A long time ago, in a galaxy far, far away, someone said...

> I am trying to set up a firewall on my server and am having trouble
> with one of my iptables rules.
>
> I can set up all the rules that I like, but I can't seem to get this
> one to work:
>
> # iptables -A INPUT -p udp --dport 53 -j ACCEPT
> (or the OUTPUT equivalent)

So you're running a DNS server?

> When I add this to my INPUT chain, and I type: "iptables -L" it waits
> for 10 - 15 seconds to display the first rule, then 10 - 15 seconds
> for the second rule... etc etc etc. I have a LOT of rules.
>
> When I add this to my OUTPUT (and only the OUTPUT) chain, when I type:
> "iptables -L" it displays all my INPUT and FORWARD rules instantly,
> but then pauses on the first OUTPUT rule like it does on the INPUT
> chain.

iptables is just trying to resolve the IP numbers in your rules.
"iptables -L -n" will change that.

> I have no trouble if I set the policy of the chain in question to
> ACCEPT.
>
> Am I missing something? I NEED to let domain into my box. What am I
> doing wrong?

If the policy on the INPUT chain is "DROP" or "REJECT", try making this
the first rule in your INPUT chain:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You should run

iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

if you don't clear your INPUT chain first.

-- 
Phil Brutsche [EMAIL PROTECTED]
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
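As an added example, not part of the original thread: a small POSIX shell check that parses `iptables -S INPUT` output and reports whether the stateful ESTABLISHED,RELATED ACCEPT sits at position 1, as the reply recommends. The two sample chains, the function names and the `-S` text are constructed here so the script runs without root or a live iptables.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Checks `iptables -S INPUT` output for the fix the reply recommends:
# the stateful ESTABLISHED,RELATED ACCEPT must be the FIRST INPUT rule,
# otherwise replies to the box's own DNS queries (arriving with source
# port 53 and a random destination port) hit the DROP policy. The
# `--dport 53` rule alone only admits queries TO a DNS server.

# Constructed `iptables -S INPUT` sample: DNS rule appended, no stateful rule.
SAMPLE_BAD='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'

# Constructed sample after
#   iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
SAMPLE_GOOD='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'

# Print the 1-based position of the first INPUT rule that ACCEPTs
# ESTABLISHED,RELATED traffic (old -m state or newer -m conntrack
# syntax), or 0 when the chain has no such rule.
stateful_rule_position() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT/ { n++ }
        /^-A INPUT/ && /-j ACCEPT/ && /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && /RELATED/ { pos = n; exit }
        END { print pos + 0 }'
}

# Exit status 0 only when the stateful ACCEPT is INPUT rule number 1.
chain_ok() {
    [ "$(stateful_rule_position "$1")" = "1" ]
}

# Human-readable verdict plus the exact command from the reply.
report() {
    if chain_ok "$1"; then
        echo "OK: stateful ACCEPT is INPUT rule 1"
    else
        echo "WARN: stateful ACCEPT missing or not first (position $(stateful_rule_position "$1")); run:"
        echo "  iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    fi
}

report "$SAMPLE_BAD"
report "$SAMPLE_GOOD"
```

On a real host, feed it `"$(iptables -S INPUT)"` instead of the constructed samples; `-S` prints rules without name resolution, so it does not suffer the `iptables -L` delay the thread describes.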