On Wed, Aug 06, 2003 at 10:23:59PM -0500, Jeremy Gaddis wrote:
> iptables -A INPUT -s <ip of first forwarder> --sport 53 --dport 53 -p
> udp -i <interface> -j ACCEPT
> iptables -A INPUT -s <ip of second forwarder> --sport 53 --dport 53 -p
> udp -i <interface> -j ACCEPT
> 
> and maybe a matching set with "-p tcp".

You shouldn't need the tcp, but you should s/INPUT/FORWARD since we're
talking about firewalling.

Input goes to (but not through) a host
Output comes from a host
Forward goes through (but not to) a host

Or, for a mnemonic, think beer, urine and sauerkraut for the three
rules, respectively, and yourself as the host.

- -- 
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
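
The chain choice described in the reply, as an added example that is not part of the original thread: the script prints (does not apply) the quoted accept rule on INPUT when the resolver runs on the firewall itself and on FORWARD when it sits behind the firewall. The role names `local` and `routed`, the function names, `eth0` and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the accept rules for DNS replies from upstream
# forwarders, picking the chain by where the resolver runs.
#   local  -> resolver on the firewall itself: replies go TO the host (INPUT)
#   routed -> resolver behind the firewall: replies go THROUGH it (FORWARD)

valid_ipv4() (
    # Subshell body keeps the IFS change local. Dotted quad, octets 0..255.
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

dns_reply_rules() {
    [ $# -ge 3 ] || { echo "usage: dns_reply_rules local|routed IFACE IP..." >&2; return 2; }
    role=$1 iface=$2
    shift 2
    case $role in
        local)  chain=INPUT ;;
        routed) chain=FORWARD ;;
        *) echo "role must be 'local' or 'routed'" >&2; return 2 ;;
    esac
    # Validate every address first so a bad one yields no partial rule set.
    for fwd in "$@"; do
        valid_ipv4 "$fwd" || { echo "bad forwarder address: $fwd" >&2; return 1; }
    done
    for fwd in "$@"; do
        # Same match as the quoted rule; -p udp precedes the port options
        # because --sport/--dport are provided by the udp protocol match.
        echo "iptables -A $chain -i $iface -s $fwd -p udp --sport 53 --dport 53 -j ACCEPT"
    done
}

# Constructed sample values: interface eth0, documentation-range addresses.
dns_reply_rules routed eth0 192.0.2.1 192.0.2.2
```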