From: Doug Barton
Date: Thu, 17 Jul 2008 15:33:21 -0700
To: Daniel Gerzo
Cc: freebsd-net@freebsd.org
Subject: Re: etc/rc.firewall6

Daniel Gerzo wrote:
> Hello freebsd-net,
>
> would somebody more knowledgeable than I am in ip6 review this [1]
> small patch for /etc/rc.firewall6? May I get an approval from some
> src/ committer to commit this (please keep me in the CC: list)?
>
> Thank you.
>
> [1] http://cvsup.sk.freebsd.org/~danger/rc.ipfw6.diff
>

Looks like the right direction to go in for the DNS stuff, yes. About
the ntp stuff, 2 questions.

First, you did not make the same changes in the NTP section in the
second hunk as you did in the first, is that intentional? Second,
wouldn't it be better to specify the port number (123) on both sides?
NTP uses that same port for sending and receiving queries, and I've
always built firewalls that way successfully.

Doug

-- 
This .signature sanitized for your protection