Message-ID: <368933F6.CEB82066@thegrid.net>
Date: Tue, 29 Dec 1998 11:56:39 -0800
From: Dean
To: freebsd-security@FreeBSD.ORG
Subject: ipfw and DNS

Hello all,

I am setting up my first packet filtering gateway to protect a small LAN from the Internet and I'd like to block everything that isn't necessary. I am interested in hearing other people's input on how they get around the problem of getting DNS queries from the inside to the outside. I'd rather not accept any old UDP packet with a source port of 53.

I have read Cheswick & Bellovin's Firewalls book and they offer a solution, but I am interested in hearing other solutions.

I am not subscribed to this mailing list (though I should be), so please include me in your replies.

Thanks for your help,
Dean