Date:      Wed, 20 Mar 2002 16:49:51 +0100 (MET)
From:      Paul Everlund <tdv94ped@cs.umu.se>
To:        Flemming Frøkjkær <flemming@froekjaer.org>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ipfw rules
Message-ID:  <Pine.GSO.4.33.0203201646400.12073-100000@bark>
In-Reply-To: <3C992774.D763B085@froekjaer.org>

On Wed, 20 Mar 2002, Flemming Frøkjkær wrote:

> I'm trying to build a firewall based on the simple firewall in the
> rc.firewall script
> after enabling the firewall I can't look up any addresses. If I use
> nslookup it just times out :(
> I can add a rule like this: ipfw add 9999 pass all from any to any
> Then everything works, but the firewall does not do me any good :(
> what rules should I add to make DNS work?

You must let UDP DNS queries out to port 53, and also let them back in
from port 53. DNS over TCP out to port 53 should also be allowed (I think).
Something like this:

ipfw add allow udp from any to DNS-IP 53 out via INTERFACE
ipfw add allow udp from DNS-IP 53 to any in via INTERFACE
ipfw add allow tcp from any to DNS-IP 53 out via INTERFACE

Good luck!

Best regards,
Paul
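
The rule set from the reply above, as an added worked example that is not part of the original thread or of FreeBSD's rc.firewall: a small POSIX sh script that fills in the DNS-IP and INTERFACE placeholders from arguments, rejects a mistyped server address before it reaches the firewall, and prints either the stateless rules as written (plus the TCP reply rule they rely on) or the same policy expressed with ipfw's keep-state/check-state keywords. The rule numbers, the interface name fxp0 and the resolver address 192.0.2.53 used in the demonstration are constructed sample values; the keep-state, check-state, setup and established keywords are assumed to be available in the ipfw build in use.

```shell
#!/bin/sh
# Added example, not code from the original thread or from rc.firewall.
# Generates the ipfw rules that let this host resolve names through one
# upstream DNS server.  Assumed: ipfw's keep-state/check-state/setup/
# established keywords.  Rule numbers, "fxp0" and 192.0.2.53 below are
# constructed sample values.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a
# mistyped server address is rejected instead of being loaded as a rule.
is_ipv4() {
    set -f                      # no globbing while we split on dots
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs; set +f
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit RULE...: print one "ipfw add N ..." line and advance the counter.
emit() { echo "ipfw add $n $*"; n=$((n + 10)); }

# dns_rules MODE DNS_IP IFACE [FIRST_RULE]
# MODE is "stateless" (the three rules from the reply, plus the TCP reply
# rule they need) or "stateful" (the same policy using keep-state).
# Numbers count up by 10 from FIRST_RULE (default 1000) and must sit
# before the final deny of the rc.firewall "simple" set or never match.
dns_rules() {
    mode=$1; dns_ip=$2; iface=$3; n=${4:-1000}
    is_ipv4 "$dns_ip" || { echo "dns_rules: bad DNS address '$dns_ip'" >&2; return 1; }
    [ -n "$iface" ]   || { echo "dns_rules: interface name is empty" >&2; return 1; }
    case $mode in
    stateless)
        emit allow udp from any to "$dns_ip" 53 out via "$iface"
        emit allow udp from "$dns_ip" 53 to any in via "$iface"
        emit allow tcp from any to "$dns_ip" 53 out via "$iface"
        # Replies to the TCP fallback (large answers); redundant if an
        # "established" rule already sits above this point, harmless otherwise.
        emit allow tcp from "$dns_ip" 53 to any in via "$iface" established
        ;;
    stateful)
        # check-state matches packets of sessions recorded by the keep-state
        # rules below, so nothing inbound is trusted merely for carrying
        # source port 53.
        emit check-state
        emit allow udp from any to "$dns_ip" 53 out via "$iface" keep-state
        emit allow tcp from any to "$dns_ip" 53 out via "$iface" setup keep-state
        ;;
    *)
        echo "dns_rules: mode must be stateless or stateful" >&2; return 1 ;;
    esac
    # Log any other query leaving this interface for port 53: a typo in
    # resolv.conf or a program using its own resolver then shows up in the
    # security log instead of silently timing out.
    emit deny log udp from any to any 53 out via "$iface"
    emit deny log tcp from any to any 53 out via "$iface"
}

# apply_rules MODE DNS_IP IFACE [FIRST_RULE]: load the rules with ipfw when
# it exists (i.e. on the FreeBSD box), otherwise only show them.
apply_rules() {
    rules=$(dns_rules "$@") || return 1
    if command -v ipfw >/dev/null 2>&1; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# Demonstration with constructed values: a resolver at 192.0.2.53 reached
# through fxp0.  This only prints; use apply_rules to load them.
dns_rules stateful 192.0.2.53 fxp0 1000
```

To load the rules on the host, run `apply_rules stateful <server> <interface>` as root; the `deny log` lines only write to the log while the sysctl net.inet.ip.fw.verbose is set to 1. The stateful form is the one to prefer where available: the stateless reply rule accepts any inbound UDP whose source port happens to be 53, whereas check-state only admits packets that answer a query this host actually sent.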


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



