Date: Thu, 03 Mar 2005 14:20:53 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: 'FreeBSD questions' <freebsd-questions@freebsd.org>
Subject: RE: ipfw lost its mind?
Message-ID: <D8C861D5E62575A2A5639574@utd49554.utdallas.edu>
In-Reply-To: <42276ab8.5a7f85a2.4c2a.3e73@smtp.gmail.com>
References: <42276ab8.5a7f85a2.4c2a.3e73@smtp.gmail.com>

--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro <subhro.kar@gmail.com> wrote:

> Do you block UDP?

First question would be - which direction? I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns request would be answered.

> I am asking this because, I *used* to do a block on all UDP except the DNS
> port and had exactly the same problem.
>

Very odd. I'll give that a try. Even though it doesn't make sense to me. If my *first* rule is "allow ip from x.x.x.x/32 to {server}" and I also have a rule that says "allow ip from {server} to any", then I can't imagine why a restriction on udp would interfere with that since "ip" includes both tcp and udp.

Besides, the firewall has been working flawlessly for three years *with* that restriction. Makes me think that *something* in the firewall code changed recently and got installed when I ran freebsd-update.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
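
Added example, not part of the original message: a simplified Python model of ipfw's first-match evaluation, applied to a ruleset assembled from the rules quoted above. The host addresses, rule numbers, the default-deny rule 65535 and the sample packets are constructed assumptions; the model ignores direction, interfaces and state.

```python
# Added example: simplified model of ipfw's first-match rule evaluation.
# Addresses are constructed (RFC 5737 documentation ranges); the ruleset is
# an assumption pieced together from the rules quoted in the message.
from ipaddress import ip_address, ip_network

SERVER = "192.0.2.10"   # stands in for {server}
ADMIN = "198.51.100.7"  # stands in for x.x.x.x/32

# (number, action, proto, src, dst, dst_port); "ip" matches every protocol.
RULES = [
    (100, "allow", "ip", ADMIN + "/32", SERVER, None),
    (200, "allow", "ip", SERVER, "any", None),
    (300, "allow", "udp", "any", SERVER, 53),
    (400, "deny", "udp", "any", "any", None),
    (65535, "deny", "ip", "any", "any", None),  # assumed default-deny
]

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(proto, src, dst, dport):
    """Return (rule_number, action) of the first rule matching the packet."""
    for num, action, rproto, rsrc, rdst, rport in RULES:
        if rproto not in ("ip", proto):
            continue
        if not (_addr_ok(rsrc, src) and _addr_ok(rdst, dst)):
            continue
        if rport is not None and rport != dport:
            continue
        return num, action  # first match wins; later rules are not consulted
    raise AssertionError("unreachable: rule 65535 matches everything")

if __name__ == "__main__":
    # Constructed sample packets: (label, proto, src, dst, dst_port)
    packets = [
        ("udp from admin host to server", "udp", ADMIN, SERVER, 514),
        ("DNS query from a client", "udp", "203.0.113.5", SERVER, 53),
        ("DNS reply leaving the server", "udp", SERVER, "203.0.113.5", 40000),
        ("other udp to server", "udp", "203.0.113.5", SERVER, 514),
        ("reply to the server's own lookup", "udp", "203.0.113.53", SERVER, 40000),
    ]
    for label, *pkt in packets:
        print(f"{label:35s} -> rule {evaluate(*pkt)}")
```

In this model, UDP from the admin host never reaches rule 400 because rule 100 matches first. The UDP packets to the server that do reach rule 400 are those not covered by rules 100 and 300, which includes replies to lookups the server itself originates, since nothing here keeps state.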