# iptables basic conf blocking local dnsmasq [resolved]

## e3k

I figured out that my iptables were blocking my local dnsmasq; the DNS resolve time was really slow.

This was the configuration:

```
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:60800
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:60900
ACCEPT     udp  --  anywhere             anywhere            udp dpt:60800
ACCEPT     udp  --  anywhere             anywhere            udp dpt:60900
ACCEPT     udp  --  anywhere             anywhere            udp dpt:krb524

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

To resolve this, I am now allowing all inputs from localhost.

```
iptables -A INPUT -s 127.0.0.1 -p tcp -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -p udp -j ACCEPT
```

Is this OK or insecure?

Last edited by e3k on Sat Jan 23, 2010 9:46 pm; edited 1 time in total

----------

## Sadako

Yeah, that's fine. In fact, in most iptables guides the first two rules you'll see are to allow all traffic on localhost, like so:

```
# inbound on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# outbound on the loopback interface; -o (output interface) is only valid
# in the OUTPUT and FORWARD chains, so this rule belongs in OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
```

Alternatively, if you really want to make it a little more secure, change your rule to this:

```
# only DNS queries arriving on the loopback interface reach dnsmasq
iptables -A INPUT -i lo -p udp --dport 53 -j ACCEPT
```

You can add a rule for tcp as well, but I don't bother.

----------
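Added example, not part of the thread or of either poster's configuration: the INPUT policy from the first post rebuilt as an iptables-restore ruleset with the loopback rule from the reply above, in the two variants discussed (everything on lo, or only DNS on lo). It assumes, which the thread does not state, that dnsmasq listens only on 127.0.0.1:53, that IPv6 is not in use, and that the `krb524` shown by `iptables -L` is 4444/udp as in /etc/services. The helper names and the 2-second dig timeout are mine.

```sh
#!/bin/sh
# Added example (not from the thread). Emits a complete filter table so the
# whole policy is loaded atomically with iptables-restore instead of appended
# rule by rule with iptables -A.
# Assumptions (mine): dnsmasq binds 127.0.0.1:53 only; no IPv6; krb524 = 4444/udp.

# Print the ruleset. $1 is "full" (accept everything arriving on lo) or
# "dns-only" (accept only DNS arriving on lo). Returns 1 on an unknown variant.
gen_rules() {
    variant="${1:-full}"
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # Match on the interface (-i lo), not on -s 127.0.0.1: a packet arriving
    # on eth0 with a forged 127.0.0.1 source satisfies -s but can never
    # satisfy -i lo.
    case "$variant" in
        full)
            printf '%s\n' '-A INPUT -i lo -j ACCEPT'
            ;;
        dns-only)
            # dnsmasq answers on UDP 53 but clients retry over TCP 53 when a
            # reply is truncated, so a UDP-only rule breaks large responses.
            printf '%s\n' '-A INPUT -i lo -p udp --dport 53 -j ACCEPT' \
                          '-A INPUT -i lo -p tcp --dport 53 -j ACCEPT'
            ;;
        *)
            echo "gen_rules: unknown variant '$variant'" >&2
            return 1
            ;;
    esac
    printf '%s\n' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp --dport 60800 -j ACCEPT' \
        '-A INPUT -p tcp --dport 60900 -j ACCEPT' \
        '-A INPUT -p udp --dport 60800 -j ACCEPT' \
        '-A INPUT -p udp --dport 60900 -j ACCEPT' \
        '-A INPUT -p udp --dport 4444 -j ACCEPT' \
        'COMMIT'
}

# Load the ruleset atomically. Needs root and iptables-restore; otherwise it
# only prints what would be loaded, so the script is safe to run as a dry run.
apply_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "apply_rules: dry run (not root or no iptables-restore)" >&2
        gen_rules "$1"
        return 0
    fi
    gen_rules "$1" | iptables-restore
}

# The check from the thread: a lookup against the local dnsmasq that must
# answer instead of timing out. Returns dig's exit status, or 2 if dig is
# missing. Name and timeout are assumed values, not from the thread.
check_local_dns() {
    command -v dig >/dev/null 2>&1 || return 2
    dig +time=2 +tries=1 @127.0.0.1 "${1:-www.sme.sk}" >/dev/null 2>&1
}

# Default action: print the chosen variant; pipe into iptables-restore to load.
gen_rules "${1:-full}"
```

Run as `sh fw.sh full | sudo iptables-restore` (or `apply_rules dns-only` from a shell that has sourced the file), then `check_local_dns` should return 0 where the original `dig @127.0.0.1` timed out. If ::1 ever appears in /etc/resolv.conf, the same `-i lo` rule has to be added through ip6tables too, since ip6tables keeps a separate table with its own INPUT policy.

----------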

## e3k

Thank you, that's fine for me. I'll leave it as it is.

tags:

dnsmasq not resolving

```
dig @127.0.0.1 www.sme.sk

; <<>> DiG 9.4.3-P4 <<>> @127.0.0.1 www.sme.sk
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
```

----------

