![Iptables examples](https://cdn1.cdnme.se/5447227/9-3/22_64e61dfde087c31b3e70ff43.png)
Am I overlooking some small problem with my new rules?.A INPUT -i !wan0 -p udp -m udp -dport 53 -j ACCEPT A INPUT -i !wan0 -p tcp -m tcp -dport 53 -j ACCEPT However, when I switch to using the following rule instead, machines from within a number of VLANs can't access DNS services running on the edge device anymore: # allow DNS from not-wan A INPUT -i ens789 -p udp -m udp -dport 53 -j ACCEPTįrom looking at the iptables documentation and examples online, it looks like using a bang ( !) should help by blacklisting only the WAN NIC, thus allowing everything else to connect to the edge from inside the various VLANs.
![iptables examples iptables examples](https://3.bp.blogspot.com/-k9-gDxUy2E0/WGHdfdoXbtI/AAAAAAAAGTY/FgxQvP-kUig3cTglDlMy9vUxKxq2p-kLwCLcB/s640/iptables.png)
A INPUT -i ens789 -p tcp -m tcp -dport 53 -j ACCEPT A INPUT -i ens456 -p udp -m udp -dport 53 -j ACCEPT A INPUT -i ens456 -p tcp -m tcp -dport 53 -j ACCEPT A INPUT -i ens123 -p udp -m udp -dport 53 -j ACCEPT A INPUT -i ens123 -p tcp -m tcp -dport 53 -j ACCEPT
![iptables examples iptables examples](https://www.atlantic.net/wp-content/uploads/2018/01/linux3-1.png)
Wan0 = Wide Area Network / Internet accessĬurrently, it's using INPUT rules similar to the following to allow internal machines to access its services: # allow DNS from lan Everything's working as expected, but I'm looking to keep the number of firewall rules to a minimum as the edge device changes in profile over time, like when additional VLANs (VLAN=dedicated NIC, in this case) or services are added to it. I've setup a combination firewall (iptables), router, DHCP and DNS device running Ubuntu 圆4 at the edge of the network.
![Iptables examples](https://cdn1.cdnme.se/5447227/9-3/22_64e61dfde087c31b3e70ff43.png)