From owner-freebsd-security  Mon Jul 27 06:58:17 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA20733
          for freebsd-security-outgoing; Mon, 27 Jul 1998 06:58:17 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA20623
          for <freebsd-security@freebsd.org>; Mon, 27 Jul 1998 06:58:07 -0700 (PDT)
          (envelope-from mike@seidata.com)
Received: from localhost (mike@localhost)
	by ns1.seidata.com (8.8.8/8.8.5) with SMTP id JAA25944;
	Mon, 27 Jul 1998 09:59:53 -0400 (EDT)
Date: Mon, 27 Jul 1998 09:59:53 -0400 (EDT)
From: Mike <mike@seidata.com>
To: Jesse <j@lumiere.net>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw rules to allow DNS activity
In-Reply-To: <Pine.BSF.3.96.980727001106.118A-100000@leaf.lumiere.net>
Message-ID: <Pine.BSF.4.01.9807270956570.24288-100000@ns1.seidata.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 27 Jul 1998, Jesse wrote:

> hehe). Anyway, I was wondering what are the minimum rules necessary to
> allow DNS queries/transfers from other servers to my server, and also to
> allow queries from my server to other servers.

I'm running BIND8, and would suggest that you simply use an
'allow-transfer' statement in named.conf if you are doing the same.
Unless you prefer using ipfw for some reason, setup and maintenance seems
much simpler and understandable through named.conf.

	allow-transfer {
		10.2.0.1;	// ips of servers to allow...
		10.2.0.3;
		//etc...
	};

	-mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message