Date: Fri, 19 Jul 2002 22:26:55 +0200 (CEST)
From: "Arvinn Løkkebakken" <arvinn@whitebird.no>
To: <sabri@cluecentral.net>
Cc: <Danny.Carroll@mail.ing.nl>, <bart@dreamflow.nl>, <security@freebsd.org>
Subject: RE: ipfw and it's glory...
Message-ID: <4181.217.118.33.65.1027110415.squirrel@everlast.whitebird.no>
In-Reply-To: <20020717153409.Y86012-100000@doos.cluecentral.net>
References: <6C506EA550443D44A061432F1E92EA4C6C5364@ing.com> <20020717153409.Y86012-100000@doos.cluecentral.net>

>> But its source port will be 53. So you can put in a rule for that.
>> Plus it's only 1 or 2 servers so you can put in special rules for
>> them.
>
> Unless you run a local dnscache (which I would do).
>

So what? The scenario is the same! Even though it's caching DNS info, it has to go out there to get the info in the first place. Computers on the inside segment, though, don't need to get through the firewall to port 53, but the DNS server itself has to!

Arvinn