iptables: DNS only from one IP address
I have a question set for a computing class:
You have a network in which there are 4 computers on an internal network which all pass through the gateway labelled "gw1".
You must construct an iptables rule set in which only the machine called "dns1" (with the IP address 184.108.40.206) is allowed to make outbound DNS requests (UDP port 53) and receive the associated replies. All other inbound and outbound UDP traffic is not permitted. The interface in use is eth0.
I came up with the solution of:
iptables -I INPUT -i eth0 -p UDP -d 220.127.116.11 --dport 53 -j ACCEPT
iptables -I OUTPUT -i eth0 -p UDP -s 18.104.22.168 --dport 53 -j ACCEPT
iptables -I INPUT -i eth0 -p UDP -j DROP
iptables -I OUTPUT -i eth0 -p UDP -j DROP
However, this is incorrect. Can anyone explain why I am wrong, and maybe point me in the correct direction?
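The following is an added example, not part of the original post: a small Python model of iptables first-match chain evaluation that runs the posted rule set and a corrected one against three constructed UDP packets. It assumes a single dns1 address (184.108.40.206, from the question) for all rules, a constructed resolver address and a constructed second internal host; interfaces and connection tracking are not modelled.

```python
# Added example: minimal model of iptables chain evaluation (not real iptables).
DNS1 = "184.108.40.206"      # dns1, as given in the question
RESOLVER = "198.51.100.53"   # constructed upstream resolver address
OTHER = "192.0.2.10"         # constructed second internal host

def insert(chain, match, target):
    """iptables -I with no position: the new rule goes to the TOP of the chain."""
    chain.insert(0, (match, target))

def append(chain, match, target):
    """iptables -A: the new rule goes to the BOTTOM of the chain."""
    chain.append((match, target))

def verdict(chain, pkt, policy="ACCEPT"):
    """Chains are evaluated top-down; the first matching rule decides."""
    for match, target in chain:
        if all(pkt.get(k) == v for k, v in match.items()):
            return target
    return policy

def rules_as_posted():
    # Same order as the question. Note: real iptables also rejects -i on OUTPUT
    # (the output interface match is -o), which this model does not reproduce.
    inp, out = [], []
    insert(inp, {"proto": "udp", "dst": DNS1, "dport": 53}, "ACCEPT")
    insert(out, {"proto": "udp", "src": DNS1, "dport": 53}, "ACCEPT")
    insert(inp, {"proto": "udp"}, "DROP")   # -I places this ABOVE the ACCEPT
    insert(out, {"proto": "udp"}, "DROP")   # same here: every UDP packet hits DROP first
    return inp, out

def rules_fixed():
    # iptables -A OUTPUT -o eth0 -p udp -s 184.108.40.206 --dport 53 -j ACCEPT
    # iptables -A INPUT  -i eth0 -p udp -d 184.108.40.206 --sport 53 -j ACCEPT
    # iptables -A INPUT  -i eth0 -p udp -j DROP
    # iptables -A OUTPUT -o eth0 -p udp -j DROP
    inp, out = [], []
    append(out, {"proto": "udp", "src": DNS1, "dport": 53}, "ACCEPT")
    append(inp, {"proto": "udp", "dst": DNS1, "sport": 53}, "ACCEPT")  # replies come FROM port 53
    append(inp, {"proto": "udp"}, "DROP")
    append(out, {"proto": "udp"}, "DROP")
    return inp, out

def evaluate(builder):
    """Return the verdict for a dns1 query, its reply, and a query from another host."""
    inp, out = builder()
    query = {"proto": "udp", "src": DNS1, "dst": RESOLVER, "sport": 40000, "dport": 53}
    reply = {"proto": "udp", "src": RESOLVER, "dst": DNS1, "sport": 53, "dport": 40000}
    other = {"proto": "udp", "src": OTHER, "dst": RESOLVER, "sport": 40001, "dport": 53}
    return {"dns1_query": verdict(out, query),
            "dns1_reply": verdict(inp, reply),
            "other_query": verdict(out, other)}

if __name__ == "__main__":
    print("as posted:", evaluate(rules_as_posted))   # everything DROP
    print("fixed:    ", evaluate(rules_fixed))       # only dns1 query/reply ACCEPT
```

Even with -A instead of -I, the posted INPUT rule matches --dport 53 and so would never match a reply (which has source port 53); a stateful alternative to --sport 53 is `-m conntrack --ctstate ESTABLISHED`, which only admits replies to queries the OUTPUT chain already allowed.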