I am unable to find a way to address this in the csf.conf file, though I assume it is there...
It appears as though all traffic to all ports is allowed in if the source port is 53.
# iptables -L -n | grep spt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
This would seem to open a hole for anyone to get in as long as they were using port 53 out from their host.
We need everyone to be able to reach destination port 53 on the server, but do not want to allow all traffic from all sources to all ports if they are coming in from source port 53, only if they are hitting a port we have specifically opened.
Any ideas on how to address this?
Prevent allowed spt 53: CVE-2003-1491, CVE-2004-1473
Re: Prevent allowed spt 53: CVE-2003-1491, CVE-2004-1473
Found it. Enabled DNS_STRICT to have those rules disabled.
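An added example, not from the thread and not csf's own rule set: the permissive source-port-53 rules the poster found, beside a stateful replacement that still lets everyone reach destination port 53, plus a small audit that finds bare source-port-53 accepts in `iptables -S` output. The rule syntax is standard iptables/conntrack; the IPT dry-run variable, the function names and the sample rule listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread or from csf. IPT is an assumption for
# this script: it defaults to a dry run that prints the commands; set
# IPT=iptables (as root) to actually apply a rule set.
IPT=${IPT:-"echo iptables"}

# Weak form (what the poster observed with DNS_STRICT off): any packet whose
# source port is 53 is accepted, whatever destination port it is aimed at.
permissive_dns_rules() {
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -p udp --sport 53 -j ACCEPT   # hole: sport 53 -> any dport
    $IPT -A INPUT -p tcp --sport 53 -j ACCEPT   # hole: sport 53 -> any dport
}

# Corrected form: everyone may still reach dport 53 here; replies from
# resolvers are admitted only when conntrack ties them to a query this host
# sent, so a fresh connection that merely claims sport 53 falls through to
# the chain policy (set to DROP here).
strict_dns_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # If a sport-53 rule is wanted at all, it must carry a state qualifier:
    $IPT -A INPUT -p udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Audit: read rules in `iptables -S` form on stdin and print those that
# ACCEPT purely on source port 53, i.e. with no destination port, no
# connection-state match and no specific source address.
find_sport53_holes() {
    grep -E -- '--sport 53( |$)' | grep -E -- '-j ACCEPT( |$)' \
        | grep -vE -- '--dport |--ctstate |--state |-s [^ ]'
}

# Number of such holes in a rule listing fed on stdin (0 when none).
count_sport53_holes() {
    find_sport53_holes | grep -c ''
}

# Constructed sample of `iptables -S INPUT` output (not a real capture):
# two bare sport-53 accepts plus two qualified variants the audit must skip.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 192.0.2.53/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Stand-alone run: audit the constructed sample, then (dry run only) the two
# rule sets above. On a live box: iptables -S INPUT | find_sport53_holes
echo "holes in sample listing: $(sample_rules | count_sport53_holes)"
case $IPT in
    echo*) echo "permissive: $(permissive_dns_rules | count_sport53_holes)  strict: $(strict_dns_rules | count_sport53_holes)" ;;
esac
```

Running `iptables -S INPUT | find_sport53_holes` on the server is a quick check that enabling DNS_STRICT (or any hand-written replacement) really removed the bare spt:53 accepts rather than merely reordering them.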