From: "David Allen"
To: freebsd-questions@freebsd.org
Date: Tue, 8 Jul 2008 13:14:33 -0700
Subject: Re: ports

On Tue, Jul 8, 2008 at 11:04 AM, Mel wrote:
> On Tuesday 08 July 2008 19:07:02 Matthew Seaman wrote:
>
>> You can configure named to always send packets using a
>> fixed port number (which can be helpful for firewalling)
>
> Purely out of interest, which (useful) firewall/nat rules cannot be made with
> dest port 53, that can be made with source port 53. Not talking syntax,
> but "business logically".

Fewer rules for those with a predisposition to being anal? IIRC, pf offers a
policy-based approach which I believe could make use of such distinctions,
but I think the advantages of managing the source/destination ports for
queries, transfers, etc. are found more in traffic accounting than in
writing rulesets.