CentOS 5.x

I'm trying to confirm which specific rule in my iptables config is allowing return UDP traffic from my DNS server. I THINK it's this one:

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  

If I take off RELATED and bounce iptables, DNS queries on the server still work.

If I comment out the line entirely, and bounce iptables, DNS queries start failing.

So by that logic, it seems reasonable to me that iptables is considering the return UDP packet to be part of an ESTABLISHED connection state. Why does it think that though?

I get that it sees the response coming back to a port pertaining to an open query, but the man page for iptables defines ESTABLISHED state as "the packet is associated with a connection which has seen packets in both directions". In this case, only one UDP packet would have been sent out and presumably only one would be coming back. Where did the connection previously see "packets in both directions"?

Apologies in advance if I'm over-thinking this.

Mike B
    http://serverfault.com/questions/123208/iptables-p-udp-state-established – dmourati Jul 23 '14 at 00:46
  • @dmourati Thanks. For what it's worth, I did check to see if this was a duplicate question but didn't see that. This can be closed as a duplicate. – Mike B Jul 23 '14 at 17:25

0 Answers
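The behaviour the question observes follows from how the connection tracker classifies packets, not from the man page's wording alone: the outgoing query (seen on OUTPUT, not on RH-Firewall-1-INPUT) creates a conntrack entry in state NEW, and the first packet that arrives in the reply direction already matches that entry's reverse tuple, so it is classified ESTABLISHED. The reply packet itself is the "second direction". The toy model below is an added illustration written for this page; it is neither code from the question nor netfilter's own implementation, and the addresses, ports and the `ConnTracker`/`rh_firewall_input` names are constructed for the example. It also shows why dropping RELATED changes nothing for a plain DNS reply (RELATED covers expected connections such as ICMP errors, not the reply of an existing flow) and why an unsolicited UDP packet is not accepted by the same rule.

```python
"""Toy model of netfilter connection tracking for a UDP DNS round trip.

Added illustration, not code from the question or from netfilter. It
mirrors the classification that matters here:
  * the first packet of a flow creates an entry and is NEW;
  * a packet in the REPLY direction of a known entry is ESTABLISHED,
    even if it is the very first reply (it supplies the second direction);
  * a second packet in the ORIGINAL direction is NEW until a reply has
    been seen (netfilter's IPS_SEEN_REPLY flag), then ESTABLISHED.
All addresses and ports below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

FlowKey = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> FlowKey:
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_key(self) -> FlowKey:
        # Tuple an answer to this packet would carry.
        return (self.proto, self.dst, self.dport, self.src, self.sport)


class ConnTracker:
    """One entry per flow, keyed by the ORIGINAL-direction tuple.

    The value records whether a reply-direction packet has been seen.
    """

    def __init__(self) -> None:
        self.entries: Dict[FlowKey, bool] = {}

    def classify(self, pkt: Packet) -> str:
        """Return the state '-m state' would match for this packet."""
        if pkt.reverse_key() in self.entries:
            # Reply direction of a known flow: this packet completes
            # "packets in both directions", so it is ESTABLISHED now.
            self.entries[pkt.reverse_key()] = True
            return "ESTABLISHED"
        if pkt.key() in self.entries:
            # Original direction again (e.g. a retransmitted query).
            return "ESTABLISHED" if self.entries[pkt.key()] else "NEW"
        # First packet of a new flow: create the entry, state NEW.
        self.entries[pkt.key()] = False
        return "NEW"


def rh_firewall_input(tracker: ConnTracker, pkt: Packet,
                      states=("ESTABLISHED", "RELATED")) -> str:
    """Model of the INPUT chain: the state rule, then the default REJECT.

    `states` is the --state list of the ACCEPT rule; pass () to model the
    rule being commented out entirely.
    """
    if tracker.classify(pkt) in states:
        return "ACCEPT"
    return "REJECT"


def dns_round_trip(states=("ESTABLISHED", "RELATED")) -> Dict[str, str]:
    """Constructed scenario: resolver 192.0.2.10 queries DNS server 192.0.2.53."""
    ct = ConnTracker()
    query = Packet("udp", "192.0.2.10", 40000, "192.0.2.53", 53)
    reply = Packet("udp", "192.0.2.53", 53, "192.0.2.10", 40000)
    # Unsolicited UDP from elsewhere aimed at the same local port.
    stray = Packet("udp", "198.51.100.7", 53, "192.0.2.10", 40000)

    # The outgoing query traverses OUTPUT, not RH-Firewall-1-INPUT; it only
    # has to pass conntrack so that the entry exists when the reply arrives.
    outgoing_state = ct.classify(query)
    return {
        "query": outgoing_state,                        # NEW
        "reply": rh_firewall_input(ct, reply, states),  # ACCEPT with ESTABLISHED
        "stray": rh_firewall_input(ct, stray, states),  # REJECT: no matching entry
    }


if __name__ == "__main__":
    print("ESTABLISHED,RELATED:", dns_round_trip())
    print("ESTABLISHED only:   ", dns_round_trip(("ESTABLISHED",)))
    print("rule removed:       ", dns_round_trip(()))
```

Running it reproduces the three experiments from the question: with `ESTABLISHED,RELATED` or with `ESTABLISHED` alone the reply is accepted, and with the rule removed the reply is rejected, while the stray packet is rejected in every configuration because no conntrack entry has its reverse tuple.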