modifying ipfw rules to accompany dnscache install

Joe Sotham joe-dated-1052063962.072fd5 at dubium.com
Sun Apr 27 08:59:07 PDT 2003


My firewall starts with the everything denied principle. I was using the following
rules to allow udp packets to/fro my private netwo:
dns1 and dns2 are my service provider's nameserver ip addresses.

<snip>
${fwcmd} add 400 pass udp from any to ${dns1} 53
${fwcmd} add 400 pass udp from any to ${dns2} 53
${fwcmd} add 400 pass udp from ${dns1} 53 to any
${fwcmd} add 400 pass udp from ${dns2} 53 to any
<snip>

After installing dnscache I have had to open the ruleset up a little.
I am wondering if the following rule can be tightened up a little.

${fwcmd} add 400 pass udp from any to any 53 keep-state

-- 
Joe Sotham


More information about the freebsd-questions mailing list