Can iptables allow DNS queries only for a certain domain name?

view full story

http://stackoverflow.com – I have iptables blocking all UDP traffic at the moment, however I want to allow only certain DNS queries to get through. Let's use google.com as an example. I am trying to use string matching to find the domain name in the request, and allow it. This is what I came up with. iptables -A OUTPUT -o eth0 -p udp --sport 53 -m string --string "google.com" --algo bm -j ACCEPT I have also tried --dport 53 instead of --sport. No dice. If anyone knows how this can be done or see's where I went wrong your help is appreciated! Thanks, Jarred (HowTos)

Submitted by fooubuntu on 12/31/2012 – Made popular on 12/31/2012

Login or register to post comments
Email this page

Stories similar to Can iptables allow DNS queries only for a certain domain name?

Can IP tables allow specific DNS queries based on domain name? 19 weeks 5 days ago

I have iptables blocking all UDP traffic at the moment, however I want to allow only certain DNS queries to get through.

Let's use google.com as an example.

I am trying to use string matching to find the domain name in the request, and allow it.

Iptables blocks outgoing HTTP connection 28 weeks 5 days ago

I've setup IPTables with the following script...

Iptables bash script 20 weeks 4 days ago

i'd like to basically drop all packets, but still allow port 22, 80 and 52533. ATM this firewall doesn't allow pinging, or for me to use yum update. How can I add that? Thanks for advice. Also is there an easier way to open port 80?

Setting up iptables for SSL (port 443) 2 years 42 weeks ago

I hear that it's a bad idea to edit iptables by hand.

I want to open 443. Quote:

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

BUT***

[ubuntu] Unable to resolve host after iptables rules 1 week 2 days ago

I've ran the following rules:

Code: [ "iptables --flush", "iptables -P INPUT DROP", "iptables -P FORWARD DROP", "iptables -P OUTPUT DROP", "iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT", "iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT", "iptables -A

IPTABLES allow mail with DROP policy [closed] 21 weeks 3 days ago

I'd like to allow mail through iptables and DROP policy but this script doesn't work what it is wrong here:

## FLUSH de reglas iptables -F

iptables -X

iptables -Z

iptables -t nat -F

## policy iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP

# localhost iptables -A INPUT -i lo -j ACCEPT

# Allow my ip iptables -A INPUT -s MY_IP -j ACCEPT

# 80 port iptables -A I

[ubuntu] IPTABLES multiple strings to match with AND condition 2 weeks 1 day ago

Hello,

I need to apply an iptables rules using --string option.

I need to match on --hex or ascii 2 strings that are never localized on the same area.

Each samples I tried DROP only one of my two strings, so i have false positive. I need to DROP the 2 STRINGS, but when i have only 1 string or the other, i don't want to DROP.

So, the rule what i am looking for is a AND rule around iptables.

How to Block BitTorrent traffic on your Linux firewall 7 weeks 3 days ago

Questions : How to block torrents from Iptables ? Answer: #Block Torrent iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP iptables -A FORWARD -m string --algo bm...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

[ubuntu] IPTables problems 26 weeks 2 days ago

I'm having some problems with my VPS running Ubuntu Server 11.04 x64.

Can iptables allow DNS queries only for a certain domain name?

Search

Best published stories

Beautiful linux wallpapers

Tags