[Firewall] Very basic iptables question

James Applebaum james at electricbluefish.com
Tue Apr 23 17:17:04 CEST 2013


Attempting to set up a custom rule to block an internal "private" IP address from accessing the external interface. This is what I added:
iptables -I OUTPUT -d client.privatedomain.local  -j DROP

But when I do this the DNS services I run locally start outputting errors. 
Apr 23 11:08:23 ***** avahi-daemon[3797]: dbus-protocol.c: Too many objects for client ':1.25', client request failed.
Apr 23 11:08:23 ***** avahi-daemon[3797]: dbus-protocol.c: Too many objects for client ':1.20', client request failed.
Apr 23 11:08:30 ***** avahi-daemon[3797]: dbus-protocol.c: Too many objects for client ':1.25', client request failed.
Apr 23 11:08:30 ***** avahi-daemon[3797]: dbus-protocol.c: Too many objects for client ':1.20', client request failed.


I assume this is because the rule is blocking both eth0 (my external interface) and eth1 (my internal interface), which is not allowing DNS to resolve?
I can't seem to define just the external interface. This just generates an error when I run the Arno script.
iptables -I OUTPUT -i eth0 -d client.privatedomain.local  -j DROP
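The two rules above illustrate a point about iptables that is worth spelling out: interface matches are direction-specific. `-i` (input interface) is only accepted in chains where a packet arrives (INPUT, FORWARD, PREROUTING), and `-o` (output interface) only where it leaves (OUTPUT, FORWARD, POSTROUTING), so `-I OUTPUT -i eth0` is rejected when the ruleset loads. The OUTPUT chain also only sees packets the firewall itself sends; a `-d client` rule there drops the firewall's own replies to that host on every interface, DNS answers included. Traffic that an internal host sends through the firewall to the outside passes through FORWARD, which is where "this host may not reach the external interface" can be expressed without touching the firewall's own replies. The script below is an added example, not code from the original post or from Arno's firewall script; it assumes eth0 is the external interface and eth1 the internal one, reuses the hostname from the post as the client, and the helper names (`iface_flag_ok`, `build_rule`, `block_client_egress`) are illustrative. It prints the rules rather than loading them unless run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not from the original post or Arno's script): which interface
# flag belongs in which chain, and where a per-host egress block goes.
# Assumptions: eth0 = external interface, eth1 = internal interface.

EXT_IF=eth0
INT_IF=eth1
# iptables resolves a hostname once, when the rule is loaded. Since the rule
# is about to interfere with DNS, a literal address is the safer choice.
CLIENT=client.privatedomain.local

# Return 0 if interface flag $2 (-i or -o) is accepted in chain $1.
# -i matches the arrival interface, so it exists only in INPUT/FORWARD/PREROUTING;
# -o matches the departure interface, so only OUTPUT/FORWARD/POSTROUTING.
iface_flag_ok() {
  case "$1:$2" in
    INPUT:-i|FORWARD:-i|PREROUTING:-i) return 0 ;;
    OUTPUT:-o|FORWARD:-o|POSTROUTING:-o) return 0 ;;
    *) return 1 ;;
  esac
}

# build_rule CHAIN ADDR_FLAG ADDR [IFACE_FLAG IFACE]
# Prints a filter-table DROP rule, or prints nothing and returns 1 when the
# interface flag does not fit the chain (the error iptables itself would give).
build_rule() {
  chain=$1
  aflag=$2
  addr=$3
  iflag=$4
  iface=$5
  if [ -n "$iflag" ] && ! iface_flag_ok "$chain" "$iflag"; then
    echo "error: $iflag is not valid in the $chain chain" >&2
    return 1
  fi
  if [ -n "$iflag" ]; then
    printf 'iptables -I %s %s %s %s %s -j DROP\n' "$chain" "$iflag" "$iface" "$aflag" "$addr"
  else
    printf 'iptables -I %s %s %s -j DROP\n' "$chain" "$aflag" "$addr"
  fi
}

# Packets from the internal host that the firewall forwards out the external
# interface traverse FORWARD: match source = client, output interface = eth0.
# The firewall's own replies to the client on eth1 never enter this chain.
block_client_egress() {
  build_rule FORWARD -s "$CLIENT" -o "$EXT_IF"
}

main() {
  echo "# rule 1 from the post: loads, but drops firewall->client replies on $INT_IF too"
  build_rule OUTPUT -d "$CLIENT"
  echo "# rule 2 from the post: -i is rejected in OUTPUT"
  build_rule OUTPUT -d "$CLIENT" -i "$EXT_IF" || true
  echo "# egress block for the client only"
  rule=$(block_client_egress)
  echo "$rule"
  # Only load the FORWARD rule when explicitly asked and running as root.
  if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    eval "$rule"
  fi
}
main
```

Run it as-is to see the three rule strings and the rejection message; the `iface_flag_ok` check is the same constraint iptables enforces at load time, which is why the second rule from the post fails under Arno's script.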
