From owner-freebsd-security  Thu Sep 25 20:16:14 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id UAA02919
          for security-outgoing; Thu, 25 Sep 1997 20:16:14 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA02887
          for <security@FreeBSD.ORG>; Thu, 25 Sep 1997 20:15:53 -0700 (PDT)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id NAA16000;
	Fri, 26 Sep 1997 13:13:56 +1000 (EST)
Date: Fri, 26 Sep 1997 13:13:55 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Nate Williams <nate@mt.sri.com>
cc: Don Lewis <Don.Lewis@tsc.tdk.com>, Nate Williams <nate@mt.sri.com>,
        Chris Stenton <jacs@gnome.co.uk>, security@FreeBSD.ORG
Subject: Re: rc.firewall weakness?
In-Reply-To: <199709260216.UAA20908@rocky.mt.sri.com>
Message-ID: <Pine.BSF.3.91.970926131247.262Q@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


On Thu, 25 Sep 1997, Nate Williams wrote:

> > You've got it, which is why I only permit UDP 53<->53 and 123<->123.
> 
> How do you do that?  You must not be using IPFW, since it really doesn't
> allow the ability to permit <port>-<port>.

What about:

ipfw add 1000 allow udp from any 53 to 1.2.3.4 53 in

Danny