From owner-freebsd-security Mon Jul 27 06:58:17 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA20733 for freebsd-security-outgoing; Mon, 27 Jul 1998 06:58:17 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA20623 for ; Mon, 27 Jul 1998 06:58:07 -0700 (PDT) (envelope-from mike@seidata.com) Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with SMTP id JAA25944; Mon, 27 Jul 1998 09:59:53 -0400 (EDT) Date: Mon, 27 Jul 1998 09:59:53 -0400 (EDT) From: Mike To: Jesse cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw rules to allow DNS activity In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 27 Jul 1998, Jesse wrote: > hehe). Anyway, I was wondering what are the minimum rules necessary to > allow DNS queries/transfers from other servers to my server, and also to > allow queries from my server to other servers. I'm running BIND8, and would suggest that you simply use an 'allow-transfer' statement in named.conf if you are doing the same. Unless you prefer using ipfw for some reason, setup and maintenance seems much simpler and understandable through named.conf. allow-transfer { 10.2.0.1; // ips of servers to allow... 10.2.0.3; //etc... }; -mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message