Date: Mon, 27 Jul 1998 00:16:38 -0700 (PDT)
From: Jesse
To: freebsd-security@FreeBSD.ORG
Subject: ipfw rules to allow DNS activity

Hi,

I'm thinking of changing one of my boxes which is running bind (performing primary secondary DNS functions) from allow-anything-except-things-specifically-denied ipfw rules to deny-everything-except-things-specifically-allowed rules (open vs closed? hehe).

Anyway, I was wondering what are the minimum rules necessary to allow DNS queries/transfers from other servers to my server, and also to allow queries from my server to other servers. I tried a variety of rules from the rc.firewall file, but it's still blocking some traffic, so there must be something I'm missing.

Thanks! :)

---
Jesse
http://www.lumiere.net/