Date: Mon, 16 Apr 2001 09:04:25 -0500 (CDT)
From: Nick Rogness
To: Caleb Walker
Cc: Dru, questions@FreeBSD.ORG
Subject: Re: IPFW rules

On Sun, 15 Apr 2001, Caleb Walker wrote:

> This brings me to another question about my firewall. I have windows
> users that are behind a firewall and DNS servers are on the other
> side. I notice that windows sends dns queries from some unknown port
> number to port 53. I have been using keep-state for this to work but
> I don't like doing that. Is there another way to make sure that DNS
> queries are passed all of the time?

	ipfw add 100 allow udp from any to any 53
	ipfw add 101 allow udp from any 53 to any

	Of course, the preferred method is to probably use keep-state.
	The 2 rules above are not very secure at all...but they will pass
	DNS traffic just fine.

Nick Rogness
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
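
Added example, not part of the original message: a simplified Python model comparing how the two stateless rules and a keep-state rule treat the same UDP packets. The addresses, ports, the 192.168.1.0/24 LAN and rule number 110 are constructed assumptions, and dynamic-rule timeouts are not modeled.

```python
# Added illustration: simplified model of ipfw rule matching (no timeouts).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
LAN = "192.168.1."  # assumed internal prefix (constructed)

def stateless(pkt):
    """Rules 100/101 from the reply: UDP is matched on port 53 alone."""
    return pkt.dport == 53 or pkt.sport == 53

class KeepState:
    """Models:  ipfw add 100 check-state
                ipfw add 110 allow udp from 192.168.1.0/24 to any 53 keep-state"""
    def __init__(self):
        self.flows = set()  # dynamic rules created by keep-state

    def allow(self, pkt):
        # check-state: pass only the reverse of a flow a LAN host opened
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True
        # keep-state: an outbound DNS query from the LAN records its flow
        if pkt.src.startswith(LAN) and pkt.dport == 53:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

# Constructed sample traffic (all UDP), in arrival order.
SAMPLES = [
    ("LAN query",         Packet("192.168.1.39", 1047, "203.0.113.53", 53)),
    ("matching reply",    Packet("203.0.113.53", 53, "192.168.1.39", 1047)),
    ("unsolicited sp=53", Packet("198.51.100.7", 53, "192.168.1.39", 5000)),
]

def compare():
    """Return (name, stateless verdict, keep-state verdict) per sample."""
    fw = KeepState()
    return [(name, stateless(p), fw.allow(p)) for name, p in SAMPLES]

if __name__ == "__main__":
    for name, s, k in compare():
        print(f"{name:18} stateless={s!s:5} keep-state={k}")
```

Only the third packet differs: rule 101 passes any UDP datagram whose source port is 53, while the dynamic rule passes only replies to queries a LAN host actually sent.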