Date: Sun, 27 Apr 2003 08:59:22 -0700 (PDT)
From: Joe Sotham <joe-dated-1052063962.072fd5@dubium.com>
To: freebsd-questions@freebsd.org
Subject: modifying ipfw rules to accompany dnscache install
Message-ID: <1868.192.168.0.1.1051459162.squirrel@sigfried>

My firewall starts with the everything denied principle. I was using the following rules to allow udp packets to/fro my private network: dns1 and dns2 are my service provider's nameserver ip addresses.

<snip>
${fwcmd} add 400 pass udp from any to ${dns1} 53
${fwcmd} add 400 pass udp from any to ${dns2} 53
${fwcmd} add 400 pass udp from ${dns1} 53 to any
${fwcmd} add 400 pass udp from ${dns2} 53 to any
<snip>

After installing dnscache I have had to open the ruleset up a little. I am wondering if the following rule can be tightened up a little.

${fwcmd} add 400 pass udp from any to any 53 keep-state

--
Joe Sotham
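
Added example (not part of the original message, and not a reply from the list): one way the catch-all rule could be narrowed, assuming dnscache runs on the firewall host itself and performs its own recursive lookups. The interface names, the addresses and the rule numbers 390, 401 and 410 are constructed for illustration; with fwcmd unset the script only prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the original message.
# Dry run by default: with fwcmd unset, rules are echoed, not loaded.
fwcmd="${fwcmd:-echo ipfw -q}"

# Constructed values (assumptions, replace with the real ones):
oif="${oif:-fxp0}"                   # external interface
oip="${oip:-192.0.2.10}"             # firewall's external address
iif="${iif:-fxp1}"                   # internal interface
inet="${inet:-192.168.0.0/24}"       # private network
cache_ip="${cache_ip:-192.168.0.1}"  # address dnscache listens on

dns_rules() {
    # Replies are matched against dynamic (keep-state) entries here.
    ${fwcmd} add 390 check-state

    # A recursive cache talks to arbitrary nameservers, so the destination
    # stays "any", but only the firewall's own address may open the
    # exchange, and only outbound on the external interface.
    ${fwcmd} add 400 pass udp from "${oip}" to any 53 out via "${oif}" keep-state

    # Truncated answers are retried over TCP; same restrictions apply.
    ${fwcmd} add 401 pass tcp from "${oip}" to any 53 out via "${oif}" setup keep-state

    # LAN clients may query the cache and nothing else on port 53.
    ${fwcmd} add 410 pass udp from "${inet}" to "${cache_ip}" 53 in via "${iif}" keep-state
}

dns_rules
```

Compared with "from any to any 53", internal hosts can no longer send DNS traffic straight to outside servers, and no unsolicited inbound packet to port 53 is accepted on the external interface.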