A staggering 51% of people always use voucher codes when ordering a takeaway, according to recent research from MyVoucherCodes. You might think they're penny pinchers, or you might think “good on them ...
Wichita's largest indoor sports and adventure facility. Trampolines, basketball, volleyball, parties and events all under one roof.
let's look at these two iptables rules which are often used to allow outgoing DNS: iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A
First give a -p option like -p tcp or -p udp. Examples: iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT You could also try -p all but I've never done that and don't find too much support for it in the examples.
with "u32 match ip sport 80" in Linux tc I can match port 80, but how can I match a port range 10000 - 20000 ?
At first glance you're only allowing DNS responses to be received and don't create any DNS related rules in the OUTPUT chain to actually allow sending DNS queries out. You current rules: #DNS resolution input and output iptables -A INPUT -p udp --dport 53 -d 8.8.8.8,8.8.4.4 -j ACCEPT ^^^^^ iptables -A INPUT -p udp --sport 53 -s 8.8.8.8,8.8.4.4 -j ACCEPT ^^^^^ Additionally, DNS can also use TCP ...
This can't be fixed with a stateless firewall without voiding the security the firewall is supposed to provide. One can't just add: udp sport 53 accept + tcp sport { 53, 443 } accept to allow DNS replies and HTTPS replies to work, because then any remote attack can use such source ports to access any ports and thus services on the VPS system.