Date: Tue, 8 Jul 2008 13:14:33 -0700
From: "David Allen" <the.real.david.allen@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: ports
Message-ID: <2daa8b4e0807081314v2b02a0fbu4d88da0ca26c988e@mail.gmail.com>
In-Reply-To: <200807082004.25873.fbsd.questions@rachie.is-a-geek.net>
References: <4873927E.3050307@godfur.com> <44ej64s4e7.fsf@be-well.ilk.org> <48739EB6.4040909@infracaninophile.co.uk> <200807082004.25873.fbsd.questions@rachie.is-a-geek.net>

On Tue, Jul 8, 2008 at 11:04 AM, Mel <fbsd.questions@rachie.is-a-geek.net> wrote:
> On Tuesday 08 July 2008 19:07:02 Matthew Seaman wrote:
>
>> You can configure named to always send packets using a
>> fixed port number (which can be helpful for firewalling)
>
> Purely out of interest, which (useful) firewall/nat rules cannot be made with
> dest port 53, that can be made with source port 53. Not talking syntax,
> but "business logically".

Fewer rules for those with a predisposition to being anal?

IIRC, pf offers a policy-based approach which I believe could make use of such distinctions, but I think the advantages of managing the source/destination ports for queries, transfers, etc. are found more in traffic accounting than in writing rulesets.