
해봐야 안다.OTL/Linux

[Linux] iptables: DNS firewall policy

<DNS firewall policy>


[root@jo:~]#iptables -I OUTPUT -p udp --dport 53 -j DROP

[root@jo:~]#iptables -I INPUT -p udp --sport 53 -j DROP


Let's test whether DNS queries to the outside still work... naturally, they don't.

[root@jo:~]#nslookup

> www.daum.net

..

So the B side has to be opened as well before queries to the outside will work.

When putting a DNS policy into the firewall, these four rules have to be added.

--


#iptables -I INPUT -p tcp --dport 22 -j ACCEPT

#iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT

#iptables -I INPUT -p udp --dport 53 -j ACCEPT

#iptables -I INPUT -p udp --sport 53 -j ACCEPT

#iptables -I OUTPUT -p udp --sport 53 -j ACCEPT

#iptables -I OUTPUT -p udp --dport 53 -j ACCEPT

→ open all of them.


[root@jo:~]#iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT udp -- anywhere anywhere udp spt:domain

ACCEPT udp -- anywhere anywhere udp dpt:domain

ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

ACCEPT udp -- anywhere anywhere udp dpt:domain

ACCEPT udp -- anywhere anywhere udp spt:domain

ACCEPT tcp -- anywhere anywhere tcp spt:https

ACCEPT tcp -- anywhere anywhere tcp spt:http

DROP tcp -- !192.168.10.26 anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ACCEPT udp -- anywhere anywhere udp spt:domain

ACCEPT udp -- anywhere anywhere udp dpt:domain

ACCEPT tcp -- anywhere anywhere tcp spt:ssh

Chain RH-Firewall-1-INPUT (0 references)

target prot opt source destination
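As an added example (my own script, not code from the original post): the four-rule port-53 policy above, generated for either ACCEPT or DROP, plus a check that reads an `iptables -L` listing like the one above and reports whether a chain accepts UDP 53 in both directions. The sample listing is the post's own output embedded as a string so the check runs without root; the function names (`emit_dns_rules`, `dns_rules`, `dns_allowed_both_ways`) are mine and not iptables options. The generator goes beyond the post in one respect: it also emits the TCP 53 rules, because resolvers fall back to TCP for responses that do not fit in a UDP datagram.

```shell
#!/bin/sh
# Added example, not part of the original post. Function and variable names
# are my own; only the iptables command lines use real iptables options.

# emit_dns_rules ACTION
# Prints the iptables commands for ACTION (ACCEPT or DROP) on port 53 in both
# chains and both directions. UDP is what the post uses; TCP 53 is added
# because DNS falls back to TCP for large responses, so UDP-only is incomplete.
emit_dns_rules() {
    action="$1"
    for proto in udp tcp; do
        printf 'iptables -I INPUT -p %s --dport 53 -j %s\n' "$proto" "$action"
        printf 'iptables -I INPUT -p %s --sport 53 -j %s\n' "$proto" "$action"
        printf 'iptables -I OUTPUT -p %s --dport 53 -j %s\n' "$proto" "$action"
        printf 'iptables -I OUTPUT -p %s --sport 53 -j %s\n' "$proto" "$action"
    done
}

# Constructed sample: the `iptables -L` listing shown in the post, embedded so
# the check runs without a live firewall. Feed real output in the same way.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:http
DROP tcp -- !192.168.10.26 anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination'

# dns_rules CHAIN LISTING
# Prints "target proto spt|dpt" for every port-53 rule in CHAIN. Matches the
# resolved service name (domain, from `iptables -L`) and the number (from -n).
dns_rules() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        /^Chain / { current = $2; next }
        current == chain && $NF ~ /^(spt|dpt):(domain|53)$/ {
            split($NF, port, ":")
            print $1, $2, port[1]
        }'
}

# dns_allowed_both_ways CHAIN LISTING
# Succeeds only if CHAIN accepts UDP 53 as source port and as destination
# port, which is what the post's nslookup test verifies by hand.
dns_allowed_both_ways() {
    rules=$(dns_rules "$1" "$2")
    printf '%s\n' "$rules" | grep -q '^ACCEPT udp spt' &&
        printf '%s\n' "$rules" | grep -q '^ACCEPT udp dpt'
}

# Stand-alone run: show the generated rule set and report on each chain.
emit_dns_rules ACCEPT
for chain in INPUT OUTPUT FORWARD; do
    if dns_allowed_both_ways "$chain" "$SAMPLE_LISTING"; then
        echo "$chain: UDP 53 accepted in both directions"
    else
        echo "$chain: UDP 53 not accepted in both directions"
    fi
done
```

To apply the generated rules on a real host, run `emit_dns_rules ACCEPT | sh` as root; to check a live table, pass `"$(iptables -L)"` instead of `$SAMPLE_LISTING`. Two things worth keeping in mind: `-I` inserts at the head of the chain, so the order shown by `iptables -L` is the order packets are matched in, and a later `-I ... -j DROP` would sit above these ACCEPT rules and override them; and if the INPUT chain has a rule like `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, reply packets for a lookup the host itself sent already match it, so only the OUTPUT side then needs an explicit port-53 rule.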

--