Date: Thu, 27 Dec 2001 12:50:42 +0300
From: "Yuri Muhitov" <muhitov@kostasoft.spb.ru>
To: <security@FreeBSD.ORG>
Subject: RE: Help with ipfw rules to allow DNS queries through
Message-ID: <2E8E747BA4D4994CB49D56AF57F1728208B2F7@adv.KOSTASOFT.kostasoft.spb.ru>
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F172820F78EC@adv.KOSTASOFT.kostasoft.spb.ru>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of X Philius
> Sent: Thursday, December 27, 2001 4:47 AM
> To: G.P. de Boer; security@FreeBSD.ORG
> Subject: Re: Help with ipfw rules to allow DNS queries through

Hi, Jason!

UDP is a connectionless transport protocol, isn't it? Just add two lines which allow you access to the EXT DNS; the rest must work fine.

${fwcmd} add pass udp from ${ip} to any 53
${fwcmd} add pass udp from any 53 to ${ip}

Furthermore, you can restrict the list of DNSes. Replace ANY with explicit addresses...

Good Luck,
Yuri.

> I am currently using an external DNS server via resolv.conf, you are
> correct. I would think that the generic rule to allow all internally
> established connections (both udp and tcp) to pass through would allow
> this, even without any port specific rules. Is this not correct?
>
> # Allow set up of outgoing UDP connections
> ${fwcmd} add pass udp from ${ip} to any setup
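As an added example (not part of the thread above, and not from any FreeBSD script), here is a small sh fragment that does what Yuri suggests at the end: it emits the same pair of pass rules for each resolver instead of for "any", taking the resolver addresses from nameserver lines in resolv.conf-style input. The function names, the use of echo as a stand-in for ${fwcmd}, and the sample resolver and host addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates ipfw rules for
# DNS over UDP to an explicit list of resolvers rather than to "any".

# Emit the outbound and return rules for one resolver.
#   $1 = firewall command ("ipfw" for real, "echo" for a dry run)
#   $2 = our own address, $3 = one resolver address
dns_rules_for() {
    fwcmd=$1; ip=$2; ns=$3
    # Outbound query: our host (any source port) to the resolver's port 53.
    $fwcmd add pass udp from "$ip" to "$ns" 53
    # Return traffic: only from that resolver's port 53 back to us.
    # UDP has no handshake, so there is no SYN for "setup" to match; the
    # reply gets in only because this explicit return rule exists.
    $fwcmd add pass udp from "$ns" 53 to "$ip"
}

# Read "nameserver A.B.C.D" lines from resolv.conf-style text on stdin and
# emit the rule pair for each resolver.
#   $1 = firewall command, $2 = our own address
dns_rules_from_resolv() {
    fwcmd=$1; ip=$2
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        dns_rules_for "$fwcmd" "$ip" "$ns"
    done
}

# Constructed sample resolv.conf for the dry run (documentation addresses,
# not real resolvers).
sample_resolv_conf() {
    cat <<'EOF'
search example.net
nameserver 192.0.2.53
nameserver 198.51.100.53
EOF
}

# Dry run: "echo" as fwcmd prints the rules instead of loading them.
# Replace echo with ipfw (or "$fwcmd") to install them.
sample_resolv_conf | dns_rules_from_resolv echo 203.0.113.10
```

The return rule in the thread, "from any 53 to ${ip}", admits any UDP datagram with source port 53 to any port on the host; pinning the source to the resolver addresses narrows that to the hosts you actually query. The quoted rule with "setup" never passes UDP: setup matches TCP segments with SYN set and ACK clear, and UDP has no such flag, which is why the two explicit UDP rules are needed even when the generic TCP rules work. Queries that fall back to TCP port 53 (large or truncated answers) are covered by the outbound TCP setup rule the original poster already has.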