ipfw lost its mind?
Paul Schmehl
pauls at utdallas.edu
Thu Mar 3 12:20:53 PST 2005
--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro <subhro.kar at gmail.com>
wrote:
> Do you block UDP?

First question would be - which direction?

I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns
request would be answered.

> I am asking this because, I *used* to do a block on all UDP except the DNS
> port and had exactly the same problem.
>

Very odd. I'll give that a try.

Even though it doesn't make sense to me. If my *first* rule is "allow ip
from x.x.x.x/32 to {server}" and I also have a rule that says "allow ip
from {server} to any", then I can't imagine why a restriction on udp would
interfere with that since "ip" includes both tcp and udp.

Besides, the firewall has been working flawlessly for three years *with*
that restriction. Makes me think that *something* in the firewall code
changed recently and got installed when I ran freebsd-update.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
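
Added example (not part of the original message or of ipfw itself): a small first-match evaluator over a ruleset shaped like the one described above, showing which rule decides a packet and how the result changes if the UDP block is numbered ahead of the host allow rule. The addresses, rule numbers, the default-deny rule and all function names are constructed assumptions.

```python
import ipaddress

# Constructed values: documentation-range addresses and rule numbers are
# assumptions for illustration, not taken from the message.
SERVER, TRUSTED, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.5"

# (number, action, proto, src, dst, dst_port)
RULES = [
    (100, "allow", "ip", TRUSTED + "/32", SERVER + "/32", None),
    (200, "allow", "ip", SERVER + "/32", "any", None),
    (300, "allow", "udp", "any", "any", 53),
    (400, "deny", "udp", "any", "any", None),
    (65535, "deny", "ip", "any", "any", None),  # assumed default-deny rule
]

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def proto_match(rule_proto, pkt_proto):
    # "ip" matches every protocol, so it covers both tcp and udp
    return rule_proto == "ip" or rule_proto == pkt_proto

def evaluate(pkt, rules=RULES):
    """Return (rule number, action) of the first matching rule, in number order."""
    for num, action, proto, src, dst, dport in sorted(rules):
        if (proto_match(proto, pkt["proto"]) and addr_match(src, pkt["src"])
                and addr_match(dst, pkt["dst"])
                and (dport is None or dport == pkt["dport"])):
            return num, action
    return None, "deny"

def packet(proto, src, dst, dport):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

# Same rules, but with the UDP block numbered ahead of the host allow rule.
REORDERED = [(50, "deny", "udp", "any", "any", None)] + RULES

if __name__ == "__main__":
    for p in (packet("udp", TRUSTED, SERVER, 514),
              packet("udp", SERVER, OTHER, 123),
              packet("udp", OTHER, SERVER, 53),
              packet("udp", OTHER, SERVER, 514)):
        print(p, "->", evaluate(p))
    print("reordered:", evaluate(packet("udp", TRUSTED, SERVER, 514), REORDERED))
```

The evaluator is stateless and matches only on protocol, addresses and destination port, so it models rule ordering and nothing else.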