From owner-freebsd-security Mon Apr 22 4: 6:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id BFAC837B433 for ; Mon, 22 Apr 2002 04:06:15 -0700 (PDT) Received: (qmail 38849 invoked from network); 22 Apr 2002 10:55:29 -0000 Received: from ear.nlink.com.br (HELO ear.com.br) (200.249.196.67) by mirage.nlink.com.br with SMTP; 22 Apr 2002 10:55:29 -0000 Received: from EARMDPA01/SpoolDir by ear.com.br (Mercury 1.48); 22 Apr 02 07:58:53 GMT-3 Received: from SpoolDir by EARMDPA01 (Mercury 1.48); 22 Apr 02 07:57:51 GMT-3 From: "Mario Lobo" Organization: American School of Recife - Brazil To: freebsd-security@freebsd.org Date: Mon, 22 Apr 2002 07:57:08 -0300 MIME-Version: 1.0 Subject: DNS Question Reply-To: mlobo@ear.com.br Message-ID: <3CC3C250.28097.2D5EA4@localhost> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi; I have a DNS (named) server running on a FreeBSD 4.4 box firewall. ipfw allows queries to ports 53 and 1024 from any IP inside the private network (internal interface) and only certain ISP IPs on the external interface. I need to open those ports to any IP on the external interface. Is there any security concerns I should have if I do this ? The only services I have running are ssh (restricted to specific IPs) and squid (local only). Thanks, - *** Mario Lobo *** Dean of Computer Department *** American School of Recife To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message