Added the DNS port to iptables, but it is not open on CentOS 7

I added the DNS server port to iptables, and the service in question is indeed listening when I check it with netstat, but when I check the port from outside it shows as closed.

Output of iptables -n -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53

Output of netstat -lnp:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      11222/named
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      652/master
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1357/nginx: master
    tcp        0      0 123.123.123.123:53      0.0.0.0:*               LISTEN      11222/named
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      11222/named
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      585/sshd
    tcp6       0      0 ::1:953                 :::*                    LISTEN      11222/named
    tcp6       0      0 ::1:25                  :::*                    LISTEN      652/master
    tcp6       0      0 :::3306                 :::*                    LISTEN      10529/mysqld
    tcp6       0      0 :::80                   :::*                    LISTEN      1357/nginx: master
    tcp6       0      0 :::53                   :::*                    LISTEN      11222/named
    tcp6       0      0 :::22                   :::*                    LISTEN      585/sshd
    udp        0      0 123.123.123.123:53      0.0.0.0:*                           11222/named
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           11222/named
    udp6       0      0 :::53                   :::*                                11222/named
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
    unix  2      [ ACC ]     STREAM     LISTENING     11177    652/master           private/verify
    unix  2      [ ACC ]     STREAM     LISTENING     11180    652/master           public/flush
    unix  2      [ ACC ]     STREAM     LISTENING     11183    652/master           private/proxymap
    unix  2      [ ACC ]     STREAM     LISTENING     11186    652/master           private/proxywrite
    unix  2      [ ACC ]     STREAM     LISTENING     27726    10529/mysqld         /var/lib/mysql/mysql.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11189    652/master           private/smtp
    unix  2      [ ACC ]     STREAM     LISTENING     11192    652/master           private/relay
    unix  2      [ ACC ]     STREAM     LISTENING     11195    652/master           public/showq
    unix  2      [ ACC ]     STREAM     LISTENING     11198    652/master           private/error
    unix  2      [ ACC ]     STREAM     LISTENING     11201    652/master           private/retry
    unix  2      [ ACC ]     STREAM     LISTENING     11204    652/master           private/discard
    unix  2      [ ACC ]     STREAM     LISTENING     11272    325/acpid            /var/run/acpid.socket
    unix  2      [ ACC ]     STREAM     LISTENING     11207    652/master           private/local
    unix  2      [ ACC ]     STREAM     LISTENING     11210    652/master           private/virtual
    unix  2      [ ACC ]     STREAM     LISTENING     11213    652/master           private/lmtp
    unix  2      [ ACC ]     STREAM     LISTENING     11216    652/master           private/anvil
    unix  2      [ ACC ]     STREAM     LISTENING     11219    652/master           private/scache
    unix  2      [ ACC ]     STREAM     LISTENING     14096    1082/php-fpm: maste  /run/php-fpm/php-fpm.sock
    unix  2      [ ACC ]     STREAM     LISTENING     11151    652/master           public/pickup
    unix  2      [ ACC ]     STREAM     LISTENING     9051     1/systemd            /var/run/dbus/system_bus_socket
    unix  2      [ ACC ]     SEQPACKET  LISTENING     13690    1/systemd            /run/udev/control
    unix  2      [ ACC ]     STREAM     LISTENING     13253    1/systemd            /run/systemd/private
    unix  2      [ ACC ]     STREAM     LISTENING     7127     1/systemd            /run/systemd/journal/stdout
    unix  2      [ ACC ]     STREAM     LISTENING     11155    652/master           public/cleanup
    unix  2      [ ACC ]     STREAM     LISTENING     11158    652/master           public/qmgr
    unix  2      [ ACC ]     STREAM     LISTENING     11162    652/master           private/tlsmgr
    unix  2      [ ACC ]     STREAM     LISTENING     11165    652/master           private/rewrite
    unix  2      [ ACC ]     STREAM     LISTENING     11168    652/master           private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     11171    652/master           private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     11174    652/master           private/trace

Any idea how to fix this?

To fix it you have to do the following:

    iptables-save > temp.ruleset
    vi temp.ruleset

Find the line with -j REJECT; there is only one.

Move it down two lines, below the two udp rules.

Save with :wq

Reload the edited ruleset with iptables-restore < temp.ruleset

In future, please add rules with iptables -I (rule position number) instead of iptables -A, because with this REJECT rule in INPUT, anything that ends up below it will be blocked.
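As an added example (not part of the question or the answer above), here is a POSIX shell script that does the answer's check and repair on an iptables-save ruleset instead of by hand in vi: `shadowed_rules` lists every rule in a chain that sits below an unconditional REJECT/DROP and therefore can never match, and `reorder_chain` moves that catch-all to the end of the chain. The ruleset is a constructed sample modelled on the shape of the question's INPUT chain, and both function names are my own.

```shell
#!/bin/sh
# Added example: find and repair a catch-all REJECT that shadows later rules
# in an iptables-save ruleset. SAMPLE_RULES is a constructed sample shaped
# like the question's INPUT chain: the REJECT was appended with -A before
# the two udp/53 rules, so those two rules are dead.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
COMMIT'

# shadowed_rules CHAIN RULESET
# Prints every "-A CHAIN ..." rule that follows an unconditional REJECT/DROP
# in CHAIN. Such rules never match because the catch-all already terminated
# traversal. Empty output means the chain has no dead rules.
shadowed_rules() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            if (blocked) { print; next }
            # "-A CHAIN -j REJECT|DROP ..." with no match options is a catch-all
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
        }'
}

# reorder_chain CHAIN RULESET
# Emits the ruleset with the first catch-all REJECT/DROP of CHAIN moved to
# just after the last rule of that chain (what the answer does in vi).
# Every other line, including other chains and COMMIT, is left untouched;
# a ruleset without a catch-all in CHAIN is emitted unchanged.
reorder_chain() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "-A" && $2 == chain && $3 == "-j" &&
        ($4 == "REJECT" || $4 == "DROP") && held == "" {
            held = $0; next           # take the catch-all out of the stream
        }
        $1 == "-A" && $2 == chain { last_rule = NR }
        $1 == "COMMIT" && commit == 0 { commit = NR }
        { lines[NR] = $0 }
        END {
            # Chain had no other rule: re-insert just before COMMIT.
            if (held != "" && last_rule == 0)
                last_rule = (commit > 0) ? commit - 1 : NR
            for (i = 1; i <= NR; i++) {
                if (i in lines) print lines[i]
                if (i == last_rule && held != "") print held
            }
        }'
}

# Stand-alone demonstration on the constructed sample.
echo "Rules shadowed by the catch-all REJECT in INPUT:"
shadowed_rules INPUT "$SAMPLE_RULES"
echo
echo "Reordered ruleset (review, then feed to iptables-restore):"
reorder_chain INPUT "$SAMPLE_RULES"
```

On a live host, replace the sample string with the output of `iptables-save`, check that `shadowed_rules INPUT` prints nothing after the reorder, and only then pipe the result into `iptables-restore`; running `shadowed_rules` against each chain is also a quick way to verify that the `iptables -I` habit the answer recommends has been followed.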