Iptables rules

**Doug S** · September 10th, 2013

Originally Posted by Hungry Man

So you added an outbound on -lo? That's interesting. What for?

As far as I know, one always needs lo ACCEPT lines. I didn't actually try it on my machine without it, as I realized the issue while making the script. I added a logging line, and in my case, and so far, it seems to be DNS lookups going through DNSMasq before being forwarded.

Code:

# loopback interface is valid.
#
$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j LOG --log-prefix "ZZHIT" --log-level info
$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT

Code:

doug@doug-unity2:~$ grep ZZHIT /var/log/syslog
Sep 10 15:40:08 doug-unity2 kernel: [  869.802511] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=60464 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.802546] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27288 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=60464 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.802593] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=37672 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.802609] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27289 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=37672 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.802651] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=47755 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.802666] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27290 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=47755 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.802700] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=45008 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.802717] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27291 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=45008 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.803009] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=57873 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.803029] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27292 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=57873 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.803066] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=54848 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.803081] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27293 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=54848 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.803119] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=58904 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.803135] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27294 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=58904 DPT=53 LEN=42 ]
Sep 10 15:40:08 doug-unity2 kernel: [  869.803168] ZZHITIN= OUT=lo SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=36463 DPT=53 LEN=42
Sep 10 15:40:08 doug-unity2 kernel: [  869.803183] ZZHITIN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=90 TOS=0x00 PREC=0xC0 TTL=64 ID=27295 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.1.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=11379 DF PROTO=UDP SPT=36463 DPT=53 LEN=42 ]

**Hungry Man** · September 11th, 2013

Excellent. Thank you.

Thread: Iptables rules

Thread Tools

Display

Re: Iptables rules

Re: Iptables rules

Bookmarks

Bookmarks

Posting Permissions