I recently noticed I had become the DNS server to the world - the ‘Allow Remote Requests’ check box by default in DNS got me. I added a UDP filter in the input chain on port 53 as I don’t host a DNS server answering requests outside the network.
Just looking for confirmation:
I have three sites connected by IPsec. I have added an input filter allowing packets sourced from each other site. In example:
On Router 1 – Chain: Input; Source WAN2 IP; Accept – Chain: Input; Source WAN3 IP; Accept – Chain: Input; Source 192.168.0.0/16; Accept
On Router 2 – Chain: Input; Source WAN1 IP; Accept – Chain: Input; Source WAN3 IP; Accept – Chain: Input; Source 192.168.0.0/16; Accept
On Router 3 – Chain: Input; Source WAN1 IP; Accept – Chain: Input; Source WAN2 IP; Accept – Chain: Input; Source 192.168.0.0/16; Accept
I would like to add an input chain Filter at the end that drops anything else to each router (to replace my UDP; 53) - the rules above should keep my IPsec tunnels up - I think?
M.