Re: Help with ipfw rules to allow DNS queries through
From: Dave Raven (dave@kill-9.za.net)
Date: 12/26/01
- Next message: Robert D. Hughes: "RE: Help with ipfw rules to allow DNS queries through"
- Previous message: Thomas T. Veldhouse: "Re: Help with ipfw rules to allow DNS queries through"
- In reply to: Thomas T. Veldhouse: "Re: Help with ipfw rules to allow DNS queries through"
- Next in thread: X Philius: "Re: Help with ipfw rules to allow DNS queries through"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Raven" <dave@kill-9.za.net> To: <security@FreeBSD.ORG>, <xphilius@yahoo.com> Date: Wed, 26 Dec 2001 22:32:51 +0200
The first line should be left in my opinion. Later versions of Bind (e.g)
have been using tcp more and more.
I assume your running bind (named). so add Thomas' firewall rules and look
into this
for bind (check /etc/namedb/named.conf) rather:
acl lan {
192.168/16 ;
127.0.0.1 ;
} ;
options {
directory "/etc/namedb";
query-source port 53;
allow-query { any ; } ;
allow-recursion { lan ; } ;
allow-transfer { lan ; } ;
};
query-source dictates the port to use when originating queries etc. ; this
will help your firewall.
(more in the named.conf file).
allow-query to any will allow all people to query your server (if you intend
to host dns you need this).
recursion and transfers will only be allowed to 192.168.*.* and localhost.
Dave.
OpteqSec.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Robert D. Hughes: "RE: Help with ipfw rules to allow DNS queries through"
- Previous message: Thomas T. Veldhouse: "Re: Help with ipfw rules to allow DNS queries through"
- In reply to: Thomas T. Veldhouse: "Re: Help with ipfw rules to allow DNS queries through"
- Next in thread: X Philius: "Re: Help with ipfw rules to allow DNS queries through"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
