From owner-freebsd-ipfw  Tue Jan 18  9:43: 3 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id C82D215330; Tue, 18 Jan 2000 09:42:57 -0800 (PST)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost)
	by gndrsh.dnsmgr.net (8.9.3/8.9.3) id JAA48615;
	Tue, 18 Jan 2000 09:42:41 -0800 (PST)
	(envelope-from freebsd)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Message-Id: <200001181742.JAA48615@gndrsh.dnsmgr.net>
Subject: Re: New Firewall
In-Reply-To: <Pine.BSF.4.21.0001181028120.2429-100000@marius.org> from Marius Strom at "Jan 18, 2000 10:28:44 am"
To: marius@alpha1.net (Marius Strom)
Date: Tue, 18 Jan 2000 09:42:41 -0800 (PST)
Cc: oogali@intranova.net (Omachonu Ogali),
	briang@expnet.net (Brian Gallucci), isp@FreeBSD.ORG,
	freebsd-ipfw@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Incidentally, you may want to allow (udp|tcp)/53 for DNS services inbound,
> if that's necessary. ( It's fumbled many a new FW setup )

And is often done quite wrong.  udp|tcp/53 is often used as a way around
a firewall if the rules are not written correctly.  See archive of this
and other FreeBSD mailling lists for lots of discussion about how to and
how not to do this correctly.

...[No need to quote the whole thing yet again....]


-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message