[BlueOnyx:13898] Re: Blueonyx Digest, Vol 58, Issue 30
wcstaff at webcoast.com
Wed Oct 23 07:15:17 -05 2013
> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of gen at ercuk.com
> Sent: Wednesday, October 23, 2013 6:26 AM
> To: blueonyx at mail.blueonyx.it
> Subject: [BlueOnyx:13897] Re: Blueonyx Digest, Vol 58, Issue 30
>
> Re: BlueOnyx-5108R-CentOS-6.3:
>
> Should I have Port 53 Open?
> There seems to be a lot of disagreement about this on the web.
>
> My domains won't load without my Port 53 being open !
>
> Thanks
> _______________________________________________
I added these to my iptables and it works quite effectively.
The procedure I used from the shell prompt was:
Access the server via SSH
Log in as admin
su to root on the server
/sbin/service iptables stop
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW \
    -m recent --set --name DNS --rsource
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS --rsource \
    -j LOG --log-prefix "Block DNS port 53 Attack "
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS --rsource \
    -j DROP
/sbin/service iptables save
/sbin/service iptables start
I have entries for each eth#
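
To see which sources trip the LOG rule in the message above, the logged lines can be tallied per source address. This is an added example, not part of the original post: the sample log lines are constructed in the kernel LOG-target format, and the function names and the /var/log/messages path are assumptions.

```shell
#!/bin/sh
# Tally the sources logged by the LOG rule from the post (added example).
LOG_PREFIX='Block DNS port 53 Attack '   # same string as --log-prefix in the post

# Constructed sample log (documentation-range addresses, made-up MACs and ports).
sample_log() {
cat <<'EOF'
Oct 23 07:10:01 host kernel: Block DNS port 53 Attack IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4021 DF PROTO=TCP SPT=40112 DPT=53 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 23 07:10:03 host sshd[2211]: Accepted publickey for admin from 192.0.2.44 port 51514 ssh2
Oct 23 07:10:05 host kernel: Block DNS port 53 Attack IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=911 DF PROTO=TCP SPT=51020 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 23 07:10:06 host kernel: Block DNS port 53 Attack IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4022 DF PROTO=TCP SPT=40113 DPT=53 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 23 07:10:07 host kernel: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=77 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 23 07:10:09 host kernel: Block DNS port 53 Attack IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4023 DF PROTO=TCP SPT=40114 DPT=53 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# dns_block_summary [FILE...]: read syslog lines from FILE or stdin and print
# "count source first-seen -> last-seen" per source, busiest source first.
dns_block_summary() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {                  # only lines written by our LOG rule
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { src = substr($i, 5); break }
            if (src == "") next              # malformed line, no source field
            ts = $1 " " $2 " " $3            # syslog timestamp: month day time
            if (!(src in count)) first[src] = ts
            count[src]++
            last[src] = ts
        }
        END {
            for (s in count)
                printf "%d %s %s -> %s\n", count[s], s, first[s], last[s]
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# Run on the constructed sample; on a live server pass the log file instead,
# e.g. dns_block_summary /var/log/messages (path is an assumption).
sample_log | dns_block_summary
```
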