Date: Wed, 20 Mar 2002 17:52:11 +0100
From: Walter Hop <walter@binity.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw rules: dangerous rules?
Message-ID: <200203201749.08396@silver.dt1.binity.net>
In-Reply-To: <20020320160349.GB27566@icarus.slightlystrange.org>
References: <3C992774.D763B085@froekjaer.org> <Pine.GSO.4.33.0203201646400.12073-100000@bark> <20020320160349.GB27566@icarus.slightlystrange.org>

[in reply to Daniel Bye, Wednesday 20 March 2002 17:03]

[Proposed ruleset to allow DNS]
> > ipfw add allow udp from any to DNS-IP 53 out via INTERFACE
> > ipfw add allow udp from DNS-IP 53 to any in via INTERFACE

Wouldn't this ruleset allow evil people to send udp packets from their port 53
to an arbitrary UDP port on this box, and possibly reach local services such
as rpc, nfs and smb by this rule? Or am I being paranoid? :)

walter

--
Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998
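
Added example, not part of the original message: a small Python model of how the two quoted stateless rules match packets, next to a stateful variant built on ipfw's check-state / keep-state keywords. The addresses, port numbers and function names are constructed for illustration, and dynamic-rule timeouts are not modelled.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not from the thread.
DNS_IP = "192.0.2.53"
BOX_IP = "198.51.100.10"

Packet = namedtuple("Packet", "direction src sport dst dport")

def stateless_allows(pkt):
    """The two quoted rules: match on address, port and direction only."""
    if pkt.direction == "out" and pkt.dst == DNS_IP and pkt.dport == 53:
        return True
    if pkt.direction == "in" and pkt.src == DNS_IP and pkt.sport == 53:
        return True  # "to any": the destination port is never examined
    return False

class StatefulFilter:
    """Models this ruleset (assumed rewrite, not from the thread):
         ipfw add check-state
         ipfw add allow udp from any to DNS-IP 53 out via INTERFACE keep-state
    """
    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of outstanding queries

    def allows(self, pkt):
        if pkt.direction == "out" and pkt.dst == DNS_IP and pkt.dport == 53:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound passes only as the mirror image of a recorded query.
        mirror = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return pkt.direction == "in" and mirror in self.flows

def evaluate():
    query = Packet("out", BOX_IP, 40000, DNS_IP, 53)
    reply = Packet("in", DNS_IP, 53, BOX_IP, 40000)
    # Inbound packet with source DNS-IP:53 but addressed to the NFS port.
    stray = Packet("in", DNS_IP, 53, BOX_IP, 2049)
    fw = StatefulFilter()
    return {
        "stateless": [stateless_allows(p) for p in (query, reply, stray)],
        "stateful": [fw.allows(p) for p in (query, reply, stray)],
    }

if __name__ == "__main__":
    print(evaluate())
```

The stateless pair accepts all three packets, while the stateful model accepts the query and its reply and drops the packet addressed to port 2049.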