From: "Hallam Oaks P/L list account"
To: "freebsd-security@FreeBSD.ORG", "Jesse"
Date: Tue, 28 Jul 1998 17:35:03 +1000
Reply-To: "Hallam Oaks P/L list account"
Message-Id: <199807280734.RAA23635@mail.aussie.org>
Subject: Re: ipfw rules to allow DNS activity
Sender: owner-freebsd-security@FreeBSD.ORG

On Mon, 27 Jul 1998 00:16:38 -0700 (PDT), Jesse wrote:

>I'm thinking of changing one of my boxes which is running bind (performing
>primary secondary DNS functions) from allow-anything-except-things-
>specifically-denied ipfw rules to deny-everything-except-things-
>specifically-allowed rules (open vs closed? hehe). Anyway, I was wondering
>what are the minimum rules necessary to allow DNS queries/transfers from
>?
>other servers to my server, and also to allow queries from my server to
>other servers.

check out the rc.firewall I posted to the list recently (it's also on the
FreeBSD rc.firewall page; see http://www.metronet.com/~pgilley/freebsd/ipfw/
for more info). the one I posted has entries to allow DNS (as the machine
it's used on is a primary DNS server).

--
Chris
Hallam Oaks P/L