Date:      Sat, 2 May 1998 21:39:59 -0700 (PDT)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Dima Dorfman <dima@apc.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW
Message-ID:  <Pine.BSF.3.96.980502213831.21194e-100000@gdi.uoregon.edu>
In-Reply-To: <3.0.5.32.19980501211444.00919bb0@mail.apc.net>

On Fri, 1 May 1998, Dima Dorfman wrote:

> Hi:
> 
> I'm trying to deny UDP to my whole network, except DNS.  I am using IPFW,
> and Bind 8.1.1.  Here are my rules:
> 
> ipfw add 1 allow udp from any to 192.168.77.2 53
> ipfw add 2 deny udp from any to any
> 
> It still doesn't work.  DNS doesn't get through.  I heard that bind uses
> wired addresses which it isn't allowed to use, but 8.1.1 fixed that with a
> line in the named.conf file.  I added that line, but it still seems to be
> responding on 138, 1050, 1051, ...

This is correct -- you contact port 53 on the *server*, but the *client*
gets a random port number.  You need to allow traffic that is going out to
port 53 and coming from port 53 -- basically, `allow udp from any to any
53'.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
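The port asymmetry Doug describes, worked through as an added example that is not code from the thread or from FreeBSD's ipfw: a small first-match simulator that parses the rule syntax quoted above, runs a DNS query and its reply through the original rule set, then through one that also admits traffic coming back from port 53. The client address 192.168.77.10, the ephemeral port 1050, the outside host 10.0.0.1 and the deny fallback for packets no rule matches are assumptions made for the illustration.

```python
"""First-match simulation of ipfw-style rules (illustration, not ipfw itself)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str            # "allow" or "deny"
    proto: str             # "udp", "tcp", "ip" (ip matches every protocol)
    src: str               # address or "any"
    sport: Optional[int]   # None means any source port
    dst: str
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_rule(line: str) -> Rule:
    """Parse 'ipfw add N action proto from src [port] to dst [port]'."""
    tok = line.split()
    if tok[:2] == ["ipfw", "add"]:
        tok = tok[2:]
    number = int(tok.pop(0))
    action, proto = tok.pop(0), tok.pop(0)
    if tok.pop(0) != "from":
        raise ValueError(f"expected 'from' in {line!r}")
    src = tok.pop(0)
    sport = None if tok[0] == "to" else int(tok.pop(0))
    if tok.pop(0) != "to":
        raise ValueError(f"expected 'to' in {line!r}")
    dst = tok.pop(0)
    dport = int(tok.pop(0)) if tok else None
    return Rule(number, action, proto, src, sport, dst, dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.sport in (None, pkt.sport)
            and rule.dst in ("any", pkt.dst)
            and rule.dport in (None, pkt.dport))


def verdict(rules: List[Rule], pkt: Packet) -> str:
    """Lowest-numbered matching rule wins; assumption: no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action
    return "deny"


def dns_exchange(rules: List[Rule], client: str, server: str) -> Tuple[str, str]:
    """Verdicts for a UDP lookup: the query to server:53 and the reply back
    to the client's ephemeral port (1050 is an assumed value)."""
    query = Packet("udp", client, 1050, server, 53)
    reply = Packet("udp", server, 53, client, 1050)
    return verdict(rules, query), verdict(rules, reply)


# The two rules quoted in the thread: the query gets out, the reply is dropped.
ORIGINAL = [parse_rule(l) for l in (
    "ipfw add 1 allow udp from any to 192.168.77.2 53",
    "ipfw add 2 deny udp from any to any",
)]

# Both directions, in the spirit of Doug's reply: out to port 53 and back from it.
FIXED = [parse_rule(l) for l in (
    "ipfw add 1 allow udp from any to any 53",
    "ipfw add 2 allow udp from any 53 to any",
    "ipfw add 3 deny udp from any to any",
)]

# Constructed packet showing the cost of keying the reply rule on source port
# alone: an outside host that sources from port 53 reaches any UDP port.
SPOOFED = Packet("udp", "10.0.0.1", 53, "192.168.77.10", 138)


if __name__ == "__main__":
    print("original:", dns_exchange(ORIGINAL, "192.168.77.10", "192.168.77.2"))
    print("fixed:   ", dns_exchange(FIXED, "192.168.77.10", "192.168.77.2"))
    print("spoofed source port 53 under fixed rules:", verdict(FIXED, SPOOFED))
```

The simulation makes the trade-off visible: a stateless rule that admits anything "from any 53" also admits the `SPOOFED` packet, so a stateless rule set should at least pin the reply rule to the server address (`from 192.168.77.2 53 to any`); later ipfw releases let you keep state on the outgoing query (`keep-state`/`check-state`) so no standing reply rule is needed at all.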


