USB Networking vs. iptables

Christian Weßel wesselch at
Fri Sep 19 16:09:50 CEST 2008

Am Freitag, den 19.09.2008, 07:35 -0400 schrieb Joel Newkirk:
> Try "iptables -I RH-Firewall-1-INPUT -s -j ACCEPT", or the
> same rule inserted at the top of INPUT and FORWARD chains.

I will try.

> RH-Firewall-1-INPUT blocks SSH from various specific IPs,  then accepts
> only very limited specific connections, including ICMP,http,https,ssh,CUPS
> and ipsec but NOT including DNS...  

That's right, but at the end if no rules of the chain affected, the
police of the chain will affect. And the default police is ACCEPT. So, I
guess that means that DNS is not blocked.

> Lack of a rule accepting DNS in INPUT
> keeps you from doing DNS lookups at, lack of a rule accepting
> DNS in FORWARD keeps you from doing DNS lookups at any other host.

I will try to add DNS to the private chain.

mfg/br, christian

Flurstraße 14
29640 Schneverdingen

E-Mail: wesselch at
Telefon: +49 5193 97 14 95
Mobile:  +49 171 357 59 57
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : 

More information about the community mailing list