Date: Tue, 19 Oct 1999 21:11:33 -0400 (EDT)
From: matt <matt@BabCom.ORG>
To: FreeBSD-STABLE <stable@FreeBSD.ORG>
Subject: ipfw rule wrong in rc.firewall(?)
Message-ID: <Pine.BSF.4.20.9910192103180.8578-100000@s01.arpa-canada.net>
Hello,
I don't know if this is what I think it is, but it sure took me
back a little bit. Please note that I may be totally wrong, but here is
what I experienced on *MY* two FreeBSD 3.3-STABLE machines:
IPFW rules for DNS udp like this:
ipfw -q add allow udp from any 53 to 209.104.122.0/24
..... much later on .....
ipfw -q add deny udp from any to 209.104.122.0/24
Now this udp allow for dns comes straight from /usr/src/etc/rc.firewall.
<--- quote
# Allow DNS queries out in the world
$fwcmd add pass udp from any 53 to ${ip}
$fwcmd add pass udp from ${ip} to any 53
end quote --->
This totally broke anyone else being able to look up domains served by my
nameservers, a thought meant doing this:
ipfw -q add allow udp from any to 209.104.122.0/24 53
Which worked perfectly fine. I have not taken the time to dig into the
problem, I haven't slept, and am quite too tired to do this tonight. I
am reporting what I saw on my machine with the example not working. This
is probably just a matter of updating the example rc.firewall? I'll leave
it to the big boys to decide. Thanks.
Matt
--
"If the primates that we came from had known that someday politicians
would come out of the...the gene pool, they'd a stayed up in the trees
and written evolution off as a bad idea. Hell, I always thought the
opposable thumb was overrated."
-Sheridan, "A Distant Star"
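The behaviour reported in the message can be reproduced with a small first-match evaluator over the rules it quotes. This is an added example, not part of the original post or of FreeBSD's ipfw; the packets and host addresses are constructed, the final default-deny is an assumption, and keeping the original allow rule next to the new one is also an assumption.

```python
import ipaddress

def parse(rule):
    """Parse 'ACTION udp from SRC [PORT] to DST [PORT]' (subset of ipfw syntax)."""
    action, _proto, _from, *rest = rule.split()
    to = rest.index("to")
    def side(tokens):
        net = None if tokens[0] == "any" else ipaddress.ip_network(tokens[0])
        port = int(tokens[1]) if len(tokens) > 1 else None
        return net, port
    return (action, *side(rest[:to]), *side(rest[to + 1:]))

def verdict(rules, pkt):
    """Return (action, rule text) of the first rule that matches the packet."""
    src, sport, dst, dport = pkt
    for text in rules:
        action, snet, sp, dnet, dp = parse(text)
        if ((snet is None or ipaddress.ip_address(src) in snet)
                and (sp is None or sp == sport)
                and (dnet is None or ipaddress.ip_address(dst) in dnet)
                and (dp is None or dp == dport)):
            return action, text
    return "deny", "(no rule matched; default deny assumed)"

# Rules as quoted in the message.
ORIGINAL = [
    "allow udp from any 53 to 209.104.122.0/24",
    "deny udp from any to 209.104.122.0/24",
]
# Assumption: the rule that worked is added ahead of the deny, original kept.
WITH_SERVER_RULE = [
    ORIGINAL[0],
    "allow udp from any to 209.104.122.0/24 53",
    ORIGINAL[1],
]

# Constructed packets: (source IP, source port, destination IP, destination port).
# REPLY: an outside server answering a query sent by a host on the network.
REPLY = ("198.51.100.7", 53, "209.104.122.10", 1029)
# QUERY: an outside resolver asking a nameserver on the network.
QUERY = ("192.0.2.44", 1031, "209.104.122.2", 53)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with server rule", WITH_SERVER_RULE)):
        for label, pkt in (("reply", REPLY), ("query", QUERY)):
            print(f"{name:17} {label:6} -> {verdict(rules, pkt)}")
```

The source-port-53 rule only covers answers coming back to local clients; a query arriving for a local nameserver has port 53 on the destination side, so under the original pair it falls through to the deny.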
