Linux – iptables rules for port 53 not taking effect

Tags: domain-name-system, iptables, linux, Ubuntu

My Ubuntu 14.04 LTS server is receiving lots of incoming traffic on port 53 from different IP addresses. I am not hosting any DNS service, so I decided to block port 53:

iptables -A INPUT -p tcp --destination-port 53 -j DROP

iptables -A OUTPUT -p tcp --dport 53 -j DROP

After that I save the new rules:

invoke-rc.d iptables-persistent save

So the final result looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.3           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.7           tcp dpt:8080

However, when I use nethogs to monitor the traffic I still see traffic on port 53. Any idea why the rules are not taking effect?

For your notice: I have docker 1.9.1 installed.

Nethogs output:


and the list is growing.

Best Answer

DNS is primarily UDP on port 53.

But why are you blocking it in OUTPUT chain as well? Do you not want to resolve any domain name from this machine?
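An added check, not part of the question or the answer, that reads an `iptables -S INPUT` listing and reports which DNS transport (udp/tcp) still lacks a DROP rule, alongside the INPUT-only rule pair that follows from the answer. The function names, the `SAMPLE_RULES` listing and the decision to leave OUTPUT untouched are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the question or answer). POSIX sh; the check runs
# unprivileged, applying rules to a live host needs root.

# Rules that drop unsolicited inbound DNS on both transports. Replies to the
# host's own lookups arrive on an ephemeral destination port, so they are not
# matched, and OUTPUT is left alone so the machine can still resolve names.
dns_block_rules() {
    cat <<'EOF'
iptables -A INPUT -p udp --dport 53 -j DROP
iptables -A INPUT -p tcp --dport 53 -j DROP
EOF
}

# Reads `iptables -S INPUT` output on stdin and prints each transport that has
# no DROP/REJECT rule for destination port 53. No output means both are covered.
missing_dns_drops() {
    listing=$(cat)
    for proto in udp tcp; do
        printf '%s\n' "$listing" |
            grep -E -- "^-A INPUT .*-p $proto .*--dport 53 .*-j (DROP|REJECT)" >/dev/null ||
            echo "$proto"
    done
}

# Constructed listing mirroring the question: only TCP/53 is dropped.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j DROP'

# Constructed listing after adding the UDP rule as well.
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 53 -j DROP
-A INPUT -p tcp -m tcp --dport 53 -j DROP'

# Counts the transports a listing still leaves open (0 when fully covered).
count_missing() {
    printf '%s\n' "$1" | missing_dns_drops | grep -c .
}

echo "Transports not dropped in the question's rule set:"
printf '%s\n' "$SAMPLE_RULES" | missing_dns_drops
echo "Rules to add:"
dns_block_rules
# On a real host, check the live INPUT chain the same way (needs root).
if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    echo "Live INPUT chain, transports still open:"
    iptables -S INPUT | missing_dns_drops
fi
```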