I'm messing around with iptables and I'm trying to do the following:
I have several hosts on the same network: 192.168.1.0/24. The DNS server is 192.168.1.1.
I'm trying to prevent all the hosts from making any DNS requests, either to 192.168.1.1 or to the internet (i.e. 8.8.8.8 Google DNS). I tried the following:
iptables -A OUTPUT -d 192.168.1.1 -p udp --dport 53 -j DROP
iptables -A INPUT -d 192.168.1.1 -p udp --dport 53 -j DROP
iptables -A FORWARD -d 192.168.1.1 -p udp --dport 53 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p udp --dport 53 -j DROP
iptables -A INPUT -d 192.168.1.0/24 -p udp --dport 53 -j DROP
iptables -A FORWARD -d 192.168.1.0/24 -p udp --dport 53 -j DROP
iptables -A OUTPUT -d 192.168.1.1 -p tcp --dport 53 -j DROP
iptables -A INPUT -d 192.168.1.1 -p tcp --dport 53 -j DROP
iptables -A FORWARD -d 192.168.1.1 -p tcp --dport 53 -j DROP
iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --dport 53 -j DROP
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 53 -j DROP
iptables -A FORWARD -d 192.168.1.0/24 -p tcp --dport 53 -j DROP
But none of them seem to work. Any ideas?
Best Answer
All you need is to add one rule (as shown below) to the OUTPUT table.
Here is an example where I tried to resolve my domain with and without the rule to illustrate it.
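The same idea carried through as an added example (not the answer's own rule): a small POSIX sh script that puts the DNS block in its own chain, covers both UDP and TCP port 53 with no -d restriction so 192.168.1.1 and 8.8.8.8 are handled alike, and logs each blocked attempt before dropping it. The chain name DNS_BLOCK, the log prefix and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the answer's own rule: block all outbound DNS from this host,
# logging each blocked attempt so the policy doubles as a detection signal.
# DRY_RUN=1 (default) only prints the iptables commands; run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"

# ipt: invoke iptables, or print the command line in dry-run mode
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# block_dns_egress: rules live in their own chain (DNS_BLOCK, an assumed name) so they
# can be flushed or removed cleanly. No -d is given: the match is on protocol and port,
# so a LAN resolver and a public one are both covered, for UDP and for the TCP fallback.
block_dns_egress() {
    ipt -N DNS_BLOCK 2>/dev/null || true
    ipt -F DNS_BLOCK
    for proto in udp tcp; do
        # rate-limited LOG entry first, then DROP; a burst of "DNS_BLOCK:" lines in the
        # kernel log shows which process keeps trying to resolve names
        ipt -A DNS_BLOCK -p "$proto" --dport 53 \
            -m limit --limit 5/min -j LOG --log-prefix "DNS_BLOCK: "
        ipt -A DNS_BLOCK -p "$proto" --dport 53 -j DROP
    done
    # (re)insert the jump at the top of OUTPUT; delete first so repeated runs stay idempotent
    ipt -D OUTPUT -j DNS_BLOCK 2>/dev/null || true
    ipt -I OUTPUT 1 -j DNS_BLOCK
}

block_dns_egress
```

OUTPUT only governs packets generated by the host the rules are loaded on; to enforce this for every host on 192.168.1.0/24 the same DROP rules belong in the FORWARD chain of the gateway those hosts route through. Port 53 rules also say nothing about DNS over TLS (853) or DNS over HTTPS (443), which need their own policy.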