From owner-freebsd-security Tue Dec 29 12:45:54 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA10093 for freebsd-security-outgoing; Tue, 29 Dec 1998 12:45:54 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from inet.chip-web.com (c1003518-a.plstn1.sfba.home.com [24.1.82.47]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA10080 for ; Tue, 29 Dec 1998 12:45:51 -0800 (PST) (envelope-from ludwigp@bigfoot.com)
Received: (qmail 19179 invoked from network); 29 Dec 1998 20:45:31 -0000
Received: from speedy.chip-web.com (HELO speedy) (172.16.1.1) by inet.chip-web.com with SMTP; 29 Dec 1998 20:45:31 -0000
Message-Id: <4.1.19981229124430.00a43cf0@mail-r>
X-Sender: ludwigp2@mail-r
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 29 Dec 1998 12:45:19 -0800
To: Dean , freebsd-security@FreeBSD.ORG
From: Ludwig Pummer
Subject: Re: ipfw and DNS
In-Reply-To: <368933F6.CEB82066@thegrid.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:56 AM 12/29/98 , Dean wrote:
>Hello all,
>	I am setting up my first packet filtering gateway to protect a small
>lan from the Internet and I'd like to block everything that isn't
>necessary. I am interested in hearing other people's input on how they
>get around the problem of getting DNS queries from the inside to the
>outside. I'd rather not accept any old udp packet with a source port of
>53. I have read Cheswick & Bellovin's Firewalls book and they offer a
>solution, but I am interested in hearing other solutions.
>	I am not subscribed to this mailing list (though I should be), so
>please include me in your replies.
>Thanks for your help,
>Dean

Take a look at the different pre-written rule sets in /etc/rc.firewall, as I believe they do the sort of stuff you want to do.

--Ludwig Pummer ( ludwigp@bigfoot.com )
ICQ UIN: 692441 ( ludwigp@email.com )

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
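
Added example, not part of the thread and not taken from /etc/rc.firewall: a small Python model of the concern raised in the question, comparing a rule that accepts any inbound UDP packet with source port 53 against a filter that only accepts replies matching a recent outbound query. The class and function names, the addresses, the ports and the 30-second timeout are all assumptions made for illustration.

```python
# Model: stateless "accept UDP from port 53" vs. a filter that tracks outbound queries.
# All names, addresses, ports and the 30 s timeout are constructed for illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "t direction src sport dst dport")

def stateless_allows(pkt):
    """Weak rule: accept any inbound UDP packet whose source port is 53."""
    return pkt.direction == "in" and pkt.sport == 53

class QueryTracker:
    """Accept an inbound packet only if it mirrors a recent outbound DNS query."""
    def __init__(self, timeout=30):
        self.timeout = timeout
        self.pending = {}  # (inside_ip, inside_port, server_ip) -> time of query

    def allows(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 53:
                return False            # this model only covers DNS
            self.pending[(pkt.src, pkt.sport, pkt.dst)] = pkt.t
            return True
        key = (pkt.dst, pkt.dport, pkt.src)
        sent = self.pending.get(key)
        if pkt.sport != 53 or sent is None:
            return False                # no matching query was ever sent
        if pkt.t - sent > self.timeout:
            del self.pending[key]       # expire stale state
            return False
        return True

def evaluate(packets):
    """Return (stateless_verdict, tracked_verdict) for each inbound packet."""
    tracker = QueryTracker()
    verdicts = []
    for p in packets:
        tracked = tracker.allows(p)
        if p.direction == "in":
            verdicts.append((stateless_allows(p), tracked))
    return verdicts

SAMPLE = [  # constructed traffic
    Packet(0, "out", "192.168.1.10", 1025, "10.0.0.53", 53),   # query
    Packet(1, "in", "10.0.0.53", 53, "192.168.1.10", 1025),    # its reply
    Packet(2, "in", "10.9.9.9", 53, "192.168.1.10", 4000),     # unsolicited, sport 53
    Packet(3, "in", "10.0.0.53", 53, "192.168.1.10", 1026),    # wrong inside port
    Packet(60, "in", "10.0.0.53", 53, "192.168.1.10", 1025),   # reply after timeout
]

if __name__ == "__main__":
    for verdict in evaluate(SAMPLE):
        print(verdict)
```

The stateless rule passes all four inbound packets, while the tracked filter passes only the reply that matches the recorded query.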