From: bonifaktuura@inbox.lv
To: freebsd-security@FreeBSD.ORG
Date: Sat, 20 Dec 2003 23:34:31 +0200
Subject: Re: Configuring JAIL to bind on lo0 interface
Message-ID: <1071956071.3fe4c0675e36f@www2.inbox.lv>
In-Reply-To: <200312191920.39141.mkenyeres@konvergencia.hu>
References: <20031219162648.GA76539@blurp.one.pl> <20031219193645.759a4dbe.list@ostankino.ru> <20031219164713.GA76661@blurp.one.pl> <200312191920.39141.mkenyeres@konvergencia.hu>

> so allow rules will look something along the lines of:
>
> pass in quick on fxp0 proto tcp from any to 127.0.0.53 port = 1053 flags S keep state
> pass in quick on fxp0 proto udp from any to 127.0.0.53 port = 1053 keep state

Well, in case he has a block-by-default policy, he will need something like this, too:

pass out quick on fxp0 proto tcp from 127.0.0.53 to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from 127.0.0.53 to any port = 53 keep state

and changing 'any' to the DNS servers he's using as masters is a good idea.

p.