Date:      Thu, 27 Dec 2001 14:33:54 +0300
From:      Yury XTC <xtc@norilsk.net>
To:        security@FreeBSD.ORG
Subject:   Re: Help with ipfw rules to allow DNS queries through
Message-ID:  <200112271424.2161@XTC.NORILSK.NET>
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B2F7@adv.KOSTASOFT.kostasoft.spb.ru>
References:  <2E8E747BA4D4994CB49D56AF57F1728208B2F7@adv.KOSTASOFT.kostasoft.spb.ru>

> UDP is a connectionless transport protocol, isn't it?
> Just add two lines which allow you access to the EXT DNS; the rest must work
> fine.
>
> ${fwcmd} add pass udp from ${ip} to any 53
> ${fwcmd} add pass udp from any 53 to ${ip}
>
> Furthermore, you can restrict the list of DNSes. Replace ANY by explicit
> addresses...
>

Hey! You forget that DNS works over TCP and UDP.
Try this:

# UDP queries from anywhere to port 53 on ${ip}, received on interface xl0
add allow udp from any to ${ip} 53 in recv xl0
# TCP queries (truncated answers, zone transfers): match the SYN, keep-state admits the rest of the connection
add allow tcp from any to ${ip} 53 setup keep-state
# outgoing UDP, which also covers the replies sent from port 53
add allow udp from any to any out


For help, go to http://www.onlamp.com/pub/ct/15
Read the articles:
  Monitoring IPFW Logs
  IPFW Logging
  BSD Firewalls: Fine-Tuning Rulesets
  BSD Firewalls: IPFW Rulesets
  BSD Firewalls: IPFW

-- 
Best regards
Yury XTC Voloshin                    xtc@norilsk.net
Info-portal of Norilsk town       http://norilsk.net
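
Added example, not part of Yury's message nor of FreeBSD's own rc.firewall: a small sh ruleset in the ${fwcmd} style quoted above, with the weak "from any 53" pair from the reply kept beside a stateful version that also covers TCP, and a server-side variant for the case Yury's rules address. The host address ${ip}, the resolver ${dns}, the interface ${oif} and the rule numbers are placeholders, not values from the thread. By default fwcmd only echoes the ipfw commands, so the script runs anywhere; the `log` keyword produces output only once net.inet.ip.fw.verbose is enabled.

```shell
#!/bin/sh
# Added example (not from the original message or from rc.firewall).
# Assumptions: this host is ${ip}, it queries the resolver ${dns}, and ${oif}
# is its external interface.  All three are placeholders.
# The default fwcmd only prints the ipfw commands; run with
#   fwcmd="/sbin/ipfw -q" sh dns-rules.sh
# to load them for real.
fwcmd="${fwcmd:-echo /sbin/ipfw -q}"
ip="${ip:-192.0.2.10}"       # this host (TEST-NET-1, a placeholder)
dns="${dns:-192.0.2.53}"     # the only resolver this host may query
oif="${oif:-xl0}"            # external interface (placeholder)

# Variant quoted in the thread, kept for contrast.  Rule 1001 admits ANY UDP
# datagram whose source port is 53, to ANY port on ${ip}: a sender only has
# to bind source port 53 to reach UDP services meant to be unreachable.
weak_dns_rules() {
    ${fwcmd} add 1000 pass udp from ${ip} to any 53
    ${fwcmd} add 1001 pass udp from any 53 to ${ip}
}

# Stateful client rules.  keep-state records each outgoing query and admits
# only the matching reply; check-state is where those dynamic rules are
# evaluated.  TCP is allowed too: DNS falls back to TCP when a UDP answer is
# truncated (TC bit set) and uses TCP for zone transfers.  Rule 1030 logs
# whatever still arrives with source port 53 (needs net.inet.ip.fw.verbose=1).
client_dns_rules() {
    ${fwcmd} add 1000 check-state
    ${fwcmd} add 1010 allow udp from ${ip} to ${dns} 53 out via ${oif} keep-state
    ${fwcmd} add 1020 allow tcp from ${ip} to ${dns} 53 out via ${oif} setup keep-state
    ${fwcmd} add 1030 deny log udp from any 53 to ${ip} in via ${oif}
}

# Server side: ${ip} runs a name server and must accept queries from
# anywhere over both transports; replies ride the dynamic rules.
server_dns_rules() {
    ${fwcmd} add 2000 check-state
    ${fwcmd} add 2010 allow udp from any to ${ip} 53 in via ${oif} keep-state
    ${fwcmd} add 2020 allow tcp from any to ${ip} 53 in via ${oif} setup keep-state
}

# Number of rules a variant emits (handy for a dry-run sanity check).
rule_count() {
    "$1" | wc -l | tr -d ' '
}

client_dns_rules
```

Swap `client_dns_rules` for `server_dns_rules` at the bottom for a host that serves DNS rather than only resolving. The line to watch is rule 1001 in `weak_dns_rules`: it is exactly the "from any 53 to ${ip}" rule from the quoted reply, and it lets any UDP packet with source port 53 reach any port on ${ip}, which the stateful version does not.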

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112271424.2161>