On Tue, Mar 13, 2001 at 03:47:08PM -0600, Nick Rogness wrote:
> > # Allow DNS traffic from internet to query your DNS (for reverse
> > # lookups etc).
> > $fwcmd add allow tcp from any 53 to $ns1 53 setup
> > $fwcmd add allow udp from any to $ns1 53
> > $fwcmd add allow udp from $ns1 53 to any
>
> You are only allowing the setup of the zone transfer. You need to
> allow established traffic as well (tcp port 53).
>
> $fwcmd add allow tcp from any 53 to any 53
>
> This isn't very secure though. You can use more specific ipfw rules
> that make this a little more secure.

Luckily, figuring out which servers you need to allow is pretty easy;
you already have a list of them.
--
Bill Fumerola - security yahoo / Yahoo! inc.
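Added example, not part of the original thread: one way to act on the reply above by allowing TCP port 53 only from the servers you already have listed, assumed here to be the secondaries that transfer zones from `$ns1`. The function names and the addresses (documentation ranges) are constructed; the script prints the ipfw rules rather than applying them, and it assumes TCP/53 is needed only for zone transfers, as the thread frames it.

```shell
#!/bin/sh
# Added example: print (never apply) ipfw rules limiting TCP/53 to known secondaries.
# Assumptions: function names are hypothetical, addresses are constructed.
fwcmd="ipfw"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so nothing
# but an address can end up inside a generated rule.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# dns_rules NS1 SECONDARY...: validate every address first, then emit rules,
# so a bad entry never produces a partial ruleset.
dns_rules() {
    ns1=$1; shift
    is_ipv4 "$ns1" || { echo "bad primary: $ns1" >&2; return 1; }
    for sec in "$@"; do
        is_ipv4 "$sec" || { echo "bad secondary: $sec" >&2; return 1; }
    done
    # UDP queries from anyone, and the answers going back out.
    echo "$fwcmd add allow udp from any to $ns1 53"
    echo "$fwcmd add allow udp from $ns1 53 to any"
    # TCP/53: connection setup plus established packets, listed servers only.
    for sec in "$@"; do
        echo "$fwcmd add allow tcp from $sec to $ns1 53 setup"
        echo "$fwcmd add allow tcp from $sec to $ns1 53 established"
        echo "$fwcmd add allow tcp from $ns1 53 to $sec established"
    done
    # Everyone else is refused TCP/53 explicitly.
    echo "$fwcmd add deny tcp from any to $ns1 53"
}

# Constructed sample: one primary, two secondaries.
dns_rules 192.0.2.53 198.51.100.10 203.0.113.20
```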