Date:      Thu, 30 Nov 2000 17:43:44 +0200
From:      Peter Pentchev <roam@orbitel.bg>
To:        freebsd-security@FreeBSD.org
Subject:   Re: FreeBSD Firewall - Help please
Message-ID:  <20001130174344.F9269@ringworld.oblivion.bg>
In-Reply-To: <200011301539.KAA29269@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Thu, Nov 30, 2000 at 10:39:08AM -0500
References:  <017801c05ac5$cafd02d0$3cfdf2c8@nirvana> <20001130152521.B9269@ringworld.oblivion.bg> <3A26643D.E0CCD8FD@algroup.co.uk> <20001130163937.D9269@ringworld.oblivion.bg> <200011301539.KAA29269@khavrinen.lcs.mit.edu>

On Thu, Nov 30, 2000 at 10:39:08AM -0500, Garrett Wollman wrote:
> <<On Thu, 30 Nov 2000 16:39:37 +0200, Peter Pentchev <roam@orbitel.bg> said:
> 
> > The only way to get around this is with a stateful firewall - allowing
> > UDP-source-port-53 traffic only after an outgoing UDP packet to that
> > host's port 53.
> 
> But for a lot of reasons, you're better off running a caching
> nameserver on (or around) your firewall anyway.  Then you don't need
> to allow any DNS traffic through your filtering rules.

I think the original poster was talking about configuring exactly
a gateway/firewall machine.

G'luck,
Peter

-- 
What would this sentence be like if it weren't self-referential?
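
An added example, not part of the original message: a small Python model of the stateful rule quoted above (UDP source port 53 accepted only after an outgoing packet to that host's port 53), next to a static source-port-53 rule. The addresses, ports, 30-second timeout and all names are constructed for illustration.

```python
# Added illustration: stateless vs. stateful handling of inbound UDP "DNS replies".
# All addresses, ports and the 30 s timeout are constructed sample values.
STATE_TTL = 30  # seconds a recorded query stays valid (assumed)


def stateless_inbound(src_ip, src_port, dst_ip, dst_port):
    """Static rule: accept any inbound UDP packet whose source port is 53."""
    return src_port == 53


class StatefulDnsFilter:
    """Accept source-port-53 UDP only as a reply to a recorded outgoing query."""

    def __init__(self, ttl=STATE_TTL):
        self.ttl = ttl
        self.states = {}  # (local_ip, local_port, server_ip) -> expiry time

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        if dst_port == 53:  # remember which server was asked, and from where
            self.states[(src_ip, src_port, dst_ip)] = now + self.ttl
        return True  # outgoing traffic is allowed in this model

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        if src_port != 53:
            return False
        expiry = self.states.get((dst_ip, dst_port, src_ip))
        return expiry is not None and now <= expiry


def demo():
    fw = StatefulDnsFilter()
    fw.outbound("192.0.2.10", 40000, "198.51.100.53", 53, now=0)
    reply = ("198.51.100.53", 53, "192.0.2.10", 40000)  # answer to the query
    unsolicited = ("203.0.113.7", 53, "192.0.2.10", 2049)  # no matching query
    return {
        "stateless_reply": stateless_inbound(*reply),
        "stateless_unsolicited": stateless_inbound(*unsolicited),
        "stateful_reply": fw.inbound(*reply, now=1),
        "stateful_unsolicited": fw.inbound(*unsolicited, now=1),
        "stateful_late_reply": fw.inbound(*reply, now=31),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'pass' if allowed else 'drop'}")
```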

