IPTables rules for DNS

Suppose the INPUT chain's default policy is DROP and a DNS server is installed on the host. Below is an example of IPTables rules that let clients reach that DNS server.

To open the DNS port (53) in IPTables, run:

sudo iptables -A INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

Note that the state match must include NEW: an incoming query is a new connection from the firewall's point of view, so a rule that matches only ESTABLISHED never accepts a client's first packet when the INPUT policy is DROP.


To open the DNS port for a specific network only, add the source network with -s:

sudo iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

To remove the rules, repeat the same commands with -A replaced by -D (the rule specification must match the existing rule exactly), for example:

sudo iptables -D INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -D INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

You can view the list of rules with the command:

sudo iptables -nvL
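The following script is an added example (not part of the original post): it applies the INPUT rules above idempotently, reusing one rule specification for -C, -A and -D, and audits the output of iptables -S INPUT for rules that match ESTABLISHED only. The IFACE, DNS_NET and IPT variables are assumed names, and the live firewall is touched only when the script is run with the argument "apply".

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: IFACE, DNS_NET, IPT.
# The live firewall is only modified when the script is run with "apply".
IFACE="${IFACE:-eth0}"
DNS_NET="${DNS_NET:-192.168.1.0/24}"   # set to "" to accept queries from any source
IPT="${IPT:-sudo iptables}"

# Build the rule specification for one protocol. The identical spec is passed
# to -C, -A and -D, which is what makes a later deletion with -D match.
dns_rule_spec() {                       # $1 = udp | tcp
    src=""
    if [ -n "$DNS_NET" ]; then src="-s $DNS_NET "; fi
    printf 'INPUT -i %s %s-p %s --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT' \
        "$IFACE" "$src" "$1"
}

# Append a rule only when it is not already present (-C exits 0 if it exists),
# so re-running the script never duplicates rules. $1 is split on purpose.
ensure_rule() {
    # shellcheck disable=SC2086
    $IPT -C $1 2>/dev/null || $IPT -A $1
}

# Audit the text of `iptables -S INPUT`: exit 0 only if both the udp and tcp
# port-53 ACCEPT rules are present and each one admits NEW connections.
# A rule with --state ESTABLISHED alone never accepts a client's first query.
audit_dns_rules() {                     # $1 = output of iptables -S INPUT
    for proto in udp tcp; do
        line=$(printf '%s\n' "$1" | grep -- "-p $proto" | grep -- "--dport 53" \
               | grep -- "-j ACCEPT" || true)
        [ -n "$line" ] || return 1
        printf '%s\n' "$line" | grep -q -- "NEW" || return 1
    done
    return 0
}

apply_dns_rules() {
    ensure_rule "$(dns_rule_spec udp)"
    ensure_rule "$(dns_rule_spec tcp)"
}

if [ "${1:-}" = "apply" ]; then
    apply_dns_rules
    audit_dns_rules "$($IPT -S INPUT)" || echo "warning: DNS rules do not admit NEW connections" >&2
fi
```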

On the gateway through which clients reach the network, you can redirect all DNS requests to your own server: even if a client manually configures a different DNS server, its queries still go to the destination given in the DNAT rule:

iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.2.5

This rule matches UDP only; add the same rule with -p tcp -m tcp if DNS over TCP should be redirected as well.

See also my articles:
Configure IPTables
Installing and Configuring DNS Server BIND9
