Date: Wed, 20 Oct 1999 05:05:09 -0400 (EDT) From: matt <matt@BabCom.ORG> To: Ruslan Ermilov <ru@ucb.crimea.ua> Cc: FreeBSD-STABLE <stable@FreeBSD.ORG> Subject: Re: ipfw rule wrong in rc.firewall(?) Message-ID: <Pine.BSF.4.20.9910200503320.40234-100000@s01.arpa-canada.net> In-Reply-To: <19991020104749.B17206@relay.ucb.crimea.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Oct 1999, Ruslan Ermilov wrote:
[...]
: You took these rules from the wrong place, they belong to the `client'
: section, while you are talking about the server side.
Argh.. that is what I get for paging thru the file in a rush.
[...]
: Yes, src/etc/rc.firewall is incomplete, it misses two rules for incoming
: UDP queries.
Well, I guess I was not *totally* wrong, which is a minor miricle.
: # Allow access to our DNS
: allow tcp from any to ${oip} 53 setup # zone transfers
: allow udp from any to ${oip} 53 # incoming DNS queries (missing)
: allow udp from ${oip} 53 to any # answers to these queries (missing)
:
: # Allow DNS queries out in the world
: allow udp from ${oip} to any 53 # outgoing DNS queries
: allow udp from any 53 to ${oip} # answers to these queries
:
:
: --
: Ruslan Ermilov Sysadmin and DBA of the
: ru@ucb.crimea.ua United Commercial Bank,
: ru@FreeBSD.org FreeBSD committer,
: +380.652.247.647 Simferopol, Ukraine
:
: http://www.FreeBSD.org The Power To Serve
: http://www.oracle.com Enabling The Information Age
:
--
"If the primates that we came from had known that someday politicians
would come out of the...the gene pool, they'd a stayed up in the trees
and written evolution off as a bad idea. Hell, I always thought the
opposable thumb was overrated."
-Sheridan, "A Distant Star"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.20.9910200503320.40234-100000>