From: Darren Reed
Subject: Re: Improvements to rc.firewall?
To: perhaps@yes.no (Eivind Eklund)
Date: Mon, 2 Jun 1997 21:43:39 +1000 (EST)
Cc: Harlan.Stenn@pfcs.com, perhaps@yes.no, hackers@FreeBSD.ORG
In-Reply-To: <199706021036.MAA19344@bitbox.follo.net> from "Eivind Eklund" at Jun 2, 97 12:36:30 pm
Message-Id: <199706021148.EAA14857@hub.freebsd.org>

Hmmm, ipfilter doesn't necessarily expose you to this...

    pass out on ppp0 proto udp from port = 53 to any keep state

(it will parse that too!) although the timeout is not short. this will
automatically let the reply packets back in. only a named should be
talking to an external named so you can do filter packets to/from port 53.

darren
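
The "keep state" behaviour described in the message above, as an added example that is not part of the original post and is not ipfilter's code: a toy Python model of a state table for the quoted rule. The class name, the addresses, the 120-second timeout and the refresh-on-reply behaviour are assumptions made for illustration.

```python
"""Toy model of a 'keep state' UDP rule (illustrative only, not ipfilter code)."""

STATE_TTL = 120  # seconds; assumed value, the real timeout is set by the filter


class UdpStateTable:
    def __init__(self, ttl=STATE_TTL):
        self.ttl = ttl
        # (local_ip, local_port, remote_ip, remote_port) -> expiry time
        self.states = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Models: pass out proto udp from port = 53 to any keep state."""
        if src_port != 53:
            return False  # not matched by the rule; this model blocks it
        self.states[(src_ip, src_port, dst_ip, dst_port)] = now + self.ttl
        return True

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Pass only packets that mirror a live outbound state entry."""
        key = (dst_ip, dst_port, src_ip, src_port)
        expiry = self.states.get(key)
        if expiry is None:
            return False  # unsolicited: no matching outbound packet was seen
        if now > expiry:
            del self.states[key]  # entry timed out, reply window is closed
            return False
        self.states[key] = now + self.ttl  # assumed: traffic refreshes the entry
        return True


def demo():
    """Constructed packets: local named 192.0.2.10, remote named 198.51.100.53."""
    fw = UdpStateTable()
    r = {}
    r["query_out"] = fw.outbound("192.0.2.10", 53, "198.51.100.53", 53, now=0)
    r["reply_in"] = fw.inbound("198.51.100.53", 53, "192.0.2.10", 53, now=1)
    r["other_host_in"] = fw.inbound("203.0.113.7", 53, "192.0.2.10", 53, now=2)
    r["other_port_in"] = fw.inbound("198.51.100.53", 53, "192.0.2.10", 2049, now=3)
    r["late_in"] = fw.inbound("198.51.100.53", 53, "192.0.2.10", 53, now=500)
    return r


if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name:14s} {'pass' if passed else 'block'}")
```

The longer the timeout, the longer the mirrored tuple stays open to inbound packets, which is the trade-off the message points at.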