From owner-freebsd-security Mon Aug 23 12:35:36 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91]) by hub.freebsd.org (Postfix) with ESMTP id 9F1AC158F1 for ; Mon, 23 Aug 1999 12:35:26 -0700 (PDT) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id NAA01793 for ; Mon, 23 Aug 1999 13:35:21 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id NAA01122; Mon, 23 Aug 1999 13:35:21 -0600 Date: Mon, 23 Aug 1999 13:35:21 -0600 Message-Id: <199908231935.NAA01122@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: freebsd-security@FreeBSD.org Subject: IPFW/DNS rules X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Reply-To: nate@mt.sri.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have a public DNS server that I need people to be able to query, but is there anything I can do to avoid anyone doing anything 'nasty' to it. Also, I need to open up access to it to those hosts that secondary me, as well as those I secondary for. (I also want to make sure that none of my internal hosts 'leak' DNS stuff, but that they also all go through the DNS server in order to find hosts...) I've got some rules in place, but if someone has gotten DNS firewall rules I'd be grateful to see them. Thanks! Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message