I asked the owner of the SRC machine below what's happening here:
Aug 25 08:13:04 joseph kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:a0:cc:59:82:5e:00:ba:db:ee:fb:0b:08:00 SRC=126.96.36.199 DST=188.8.131.52 LEN=77 TOS=0x00 PREC=0x00 TTL=253 ID=6022 DF PROTO=UDP SPT=53 DPT=2898 LEN=57
His answer was that it looks like his machine is replying to my
machine's DNS requests, and it's being blocked. Does this answer
make sense? I don't know enough DNS to evaluate it on my own.
My shorewall policy for the zone this is coming from is to DROP
anything that I don't explicitly let in. I trust the zone as
much as I'd trust anything -- it's my work, and they have a very
good track-record with me and their own firewall. Is it
reasonably safe to let in UDP port 53, which is "domain" in my
Maybe letting in UDP port 53 isn't the right way to address this.
Is there a shorewall way to let in any packet that's a response
to a packet that I originated? Can I explicitly restrict that
"any" but have a policy to let in the other response packets?
Unless otherwise noted, the statements herein reflect my personal
opinions and not those of any organization with which I may be affiliated.
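An added example, not part of the original post, for readers who want to check this kind of Shorewall/netfilter log line for themselves. It parses the logged fields and applies a simple heuristic: UDP from source port 53 to a high (ephemeral) destination port is what a DNS reply to a query we sent looks like, whereas a packet that merely has source port 53 but is aimed at one of our service ports is exactly what a rule that "lets in UDP port 53" by source port would also admit, because the source port is chosen by the sender and is trivially spoofable. Matching replies to packets we originated is a job for connection tracking (netfilter's ESTABLISHED/RELATED state), not for a port-number rule; note that a UDP conntrack entry lives only for a short timeout, so a late reply can be dropped by a stateful firewall too. The first sample line is the one from the post; the other three are constructed for this example, and the 1024 ephemeral-port threshold is an assumption.

```python
import re

# Constructed samples. The first line is the dropped packet quoted in the
# post; the remaining three are made up here to exercise the classifier.
SAMPLE_LOGS = [
    "Aug 25 08:13:04 joseph kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "MAC=00:a0:cc:59:82:5e:00:ba:db:ee:fb:0b:08:00 SRC=126.96.36.199 "
    "DST=188.8.131.52 LEN=77 TOS=0x00 PREC=0x00 TTL=253 ID=6022 DF "
    "PROTO=UDP SPT=53 DPT=2898 LEN=57",
    # constructed: a DNS query aimed at us (destination port 53)
    "Aug 25 08:14:10 joseph kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=126.96.36.199 DST=188.8.131.52 LEN=60 TOS=0x00 PREC=0x00 TTL=253 "
    "ID=6023 DF PROTO=UDP SPT=40001 DPT=53 LEN=40",
    # constructed: source port 53 chosen by the sender, aimed at a service port
    "Aug 25 08:15:02 joseph kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=126.96.36.199 DST=188.8.131.52 LEN=60 TOS=0x00 PREC=0x00 TTL=253 "
    "ID=6024 DF PROTO=UDP SPT=53 DPT=22 LEN=40",
    # constructed: an ordinary TCP SYN to ssh, unrelated to DNS
    "Aug 25 08:16:30 joseph kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=126.96.36.199 DST=188.8.131.52 LEN=60 TOS=0x00 PREC=0x00 TTL=253 "
    "ID=6025 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

# Assumption: ports at or above 1024 are treated as client-side ephemeral ports.
EPHEMERAL_MIN = 1024

# Shorewall's log prefix is "Shorewall:<chain>:<action>:" followed by the
# netfilter KEY=VALUE fields and bare flags such as DF or SYN.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):")


def parse_shorewall_log(line):
    """Return a dict of the logged fields, plus 'chain', 'action' and 'flags'."""
    m = PREFIX_RE.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    rec = {"chain": m.group("chain"), "action": m.group("action"), "flags": set()}
    for tok in line[m.end():].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            # LEN appears twice: IP total length first, then the UDP/TCP length.
            if key == "LEN" and "LEN" in rec:
                key = "L4LEN"
            rec[key] = val
        else:
            rec["flags"].add(tok)
    return rec


def classify(rec):
    """Heuristic label for what the dropped packet most plausibly is."""
    proto = rec.get("PROTO")
    spt = int(rec.get("SPT", 0))
    dpt = int(rec.get("DPT", 0))
    if proto == "UDP" and spt == 53 and dpt >= EPHEMERAL_MIN:
        # Shape of a reply to a query our resolver sent from an ephemeral port.
        # Only connection tracking can confirm that we actually sent the query.
        return "reply-like"
    if dpt == 53:
        # Someone is sending a DNS query to us; only relevant if we run a server.
        return "inbound-query"
    if spt == 53:
        # Source port 53 aimed at a service port: a rule that accepts by
        # source port would admit this, which is why such rules are weak.
        return "service-port-with-dns-source"
    return "other"


def triage(lines):
    """Classify each line; returns (src, dst, proto, spt, dpt, label) tuples."""
    out = []
    for line in lines:
        r = parse_shorewall_log(line)
        out.append((r["SRC"], r["DST"], r["PROTO"], r["SPT"], r["DPT"], classify(r)))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS):
        print(row)
```

The heuristic only says what a packet looks like; whether it really is a reply to something this host sent is known only to the connection-tracking table at the moment the packet arrives. That is also why the practical answer to "let in any packet that's a response to a packet I originated" is a state match on the firewall rather than opening a port.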