modifying ipfw rules to accompany dnscache install
Joe Sotham
joe-dated-1052063962.072fd5 at dubium.com
Sun Apr 27 08:59:07 PDT 2003
My firewall starts with the everything denied principle. I was using the following
rules to allow udp packets to/from my private network:
dns1 and dns2 are my service provider's nameserver ip addresses.
<snip>
${fwcmd} add 400 pass udp from any to ${dns1} 53
${fwcmd} add 400 pass udp from any to ${dns2} 53
${fwcmd} add 400 pass udp from ${dns1} 53 to any
${fwcmd} add 400 pass udp from ${dns2} 53 to any
<snip>
After installing dnscache I have had to open the ruleset up a little.
I am wondering if the following rule can be tightened up a little.
${fwcmd} add 400 pass udp from any to any 53 keep-state
--
Joe Sotham
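An added example, not part of the original post, showing one way the rule could be tightened: only the host running dnscache (assumed address in cache_ip, outside interface in ext_if, both placeholders) may originate port-53 traffic, and only outbound, with replies admitted through the state table. With fwcmd unset the commands are only printed, so the script runs without ipfw present.

```shell
# Constructed example for a default-deny ipfw ruleset on a dnscache host.
# Assumptions (not from the post): cache_ip is the resolver's own address,
# ext_if is the outside interface. fwcmd defaults to "echo ipfw" so the
# rules are printed rather than loaded; set fwcmd=ipfw to apply them.
fwcmd="${fwcmd:-echo ipfw}"           # left unquoted below so it word-splits
cache_ip="${cache_ip:-192.0.2.10}"    # placeholder (RFC 5737 documentation range)
ext_if="${ext_if:-fxp0}"              # placeholder interface name

# The loose rule from the post: any host, either direction, any port-53 peer.
loose_dns_rules() {
    ${fwcmd} add 400 pass udp from any to any 53 keep-state
}

# Tighter version: only the resolver may send queries, only out the external
# interface; answers return via the dynamic rule created by keep-state, and
# unsolicited inbound port-53 traffic is logged and dropped.
tight_dns_rules() {
    ${fwcmd} add 400 check-state
    ${fwcmd} add 410 pass udp from ${cache_ip} to any 53 out via ${ext_if} keep-state
    # dnscache retries over TCP when a UDP answer comes back truncated.
    ${fwcmd} add 411 pass tcp from ${cache_ip} to any 53 out via ${ext_if} setup keep-state
    ${fwcmd} add 420 deny log udp from any to any 53 in via ${ext_if}
    ${fwcmd} add 421 deny log tcp from any to any 53 in via ${ext_if}
}

# Check helper: does a generated ruleset still contain an unrestricted
# "from any to any 53" pass rule? Returns 0 if so, 1 otherwise.
has_open_dns_pass() {
    "$@" | grep -q 'pass udp from any to any 53'
}
```

Run with fwcmd=ipfw on the firewall itself to load the rules; with fwcmd unset, compare the printed output of loose_dns_rules and tight_dns_rules.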