Port 53 is open for DNS. Why would I need this?

You need to have UDP 53 allowed for responses to DNS queries that your server sends, as UDP is a stateless protocol. Don’t block it if you want any kind of outbound connectivity, software updates, etc.

Note that for name resolution software in most modern operating systems that’s been patched with DNS source port randomization, the source port of the queries (and thus, the destination port of the response) won’t necessarily be 53; in those cases, it’s probably safe (but unnecessary, unless you have a rogue DNS resolver listening) to block UDP port 53.

Would this command secure that port using iptables in Linux?

You don’t need to allow TCP 53 inbound unless your server is actually a DNS server. Your second command has -m udp -p tcp, which doesn’t make a lot of sense... typo?
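The two answers above boil down to one point: DNS replies should be admitted because they match a query this host sent, not because a static rule opens port 53. The following added example (not code from the thread) models that stateful matching the way iptables conntrack does it, with constructed addresses and a simplified rule set, and shows why a static "allow inbound UDP 53" rule is unnecessary with source-port randomization and why inbound TCP 53 stays closed unless the host serves DNS.

```python
# Toy model of a stateful DNS filter (simplified conntrack); constructed example.
from collections import namedtuple

# proto: "udp" or "tcp"; direction: "out" (sent by this host) or "in"
Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port direction")

RESOLVER = "192.0.2.53"   # constructed upstream resolver address
ME = "198.51.100.10"      # constructed address of this host


class DnsFirewall:
    def __init__(self, static_udp53=False, is_dns_server=False):
        self.static_udp53 = static_udp53    # the static rule asked about in the question
        self.is_dns_server = is_dns_server  # only then accept inbound queries on port 53
        self.pending = set()                # outbound queries still awaiting a reply

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.proto == "udp" and pkt.dst_port == 53:
                # remember the 4-tuple; the reply must come back to pkt.src_port
                self.pending.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ACCEPT"
        # inbound: accept only if it answers a query we sent (conntrack ESTABLISHED)
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.proto == "udp" and key in self.pending:
            self.pending.discard(key)       # one reply per query
            return "ACCEPT"
        if pkt.dst_port == 53 and (self.is_dns_server or
                                   (self.static_udp53 and pkt.proto == "udp")):
            return "ACCEPT"
        return "DROP"


def scenarios():
    """Verdicts for the cases discussed in the thread."""
    out, fw = {}, DnsFirewall()
    # modern resolver: random source port, reply admitted by the stateful match
    fw.filter(Packet("udp", ME, 41873, RESOLVER, 53, "out"))
    out["random_port_reply"] = fw.filter(Packet("udp", RESOLVER, 53, ME, 41873, "in"))
    # older resolver that binds source port 53: still matched statefully
    fw.filter(Packet("udp", ME, 53, RESOLVER, 53, "out"))
    out["port53_reply"] = fw.filter(Packet("udp", RESOLVER, 53, ME, 53, "in"))
    # unsolicited inbound traffic to port 53 is dropped without a static rule
    out["unsolicited_udp53"] = fw.filter(Packet("udp", "203.0.113.9", 53, ME, 53, "in"))
    out["unsolicited_tcp53"] = fw.filter(Packet("tcp", "203.0.113.9", 55000, ME, 53, "in"))
    # the static rule admits the same unsolicited UDP packet
    out["static_rule_udp53"] = DnsFirewall(static_udp53=True).filter(
        Packet("udp", "203.0.113.9", 53, ME, 53, "in"))
    # a real DNS server is the only case where inbound TCP 53 should be open
    out["dns_server_tcp53"] = DnsFirewall(is_dns_server=True).filter(
        Packet("tcp", "203.0.113.9", 55000, ME, 53, "in"))
    return out
```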
