Whoops, never mind people. I have just realized that blocking all UDP except on port 53 does not allow other DNS servers to do queries to my host (even though I can query them). Would help if I actually bothered to read my logs once in a while :O)
>Hi People,
>
>I'm trying to set up my firewall using ipfw on 4.6 Stable. I have read
>through the man pages and also several howto's but now I need your advice.
>I would like to set up a DNS server that will respond to queries and my
>current ruleset does not seem to permit this. Please tell me what I am
>doing wrong.
>
>My Ruleset: ( ip's omitted )
>
>add 00301 check-state
>add 00302 allow tcp from any to any established
>add 00303 allow tcp from any to any out setup keep-state
>add 00304 allow tcp from any to $lan 22,25,80,443 setup
>add 00400 allow udp from any to any out
>add 00401 allow udp from $lan to any 53
>add 00402 allow udp from any 53 to $lan in recv rl0
>#allow some icmp types (codes not supported)
>##allow path-mtu in both directions
>add 00600 allow icmp from any to any icmptypes 3
>##allow source quench in and out
>add 00601 allow icmp from any to any icmptypes 4
>##allow me to ping out and receive response back
>add 00602 allow icmp from any to any icmptypes 8 out
>add 00603 allow icmp from any to any icmptypes 0 in
>##allow me to run traceroute
>add 00604 allow icmp from any to any icmptypes 11 in
>#allow ident requests
>add 00700 allow tcp from any to any 113 keep-state setup
>#deny syn and fin bits used for OS finger printing using nmap
>add 00701 deny log tcp from any to any in tcpflags syn,fin
>#log anything that falls through
>add 09000 deny log ip from any to any
>
>Kind Regards,
>Nelis
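To make the behaviour the reply describes concrete, here is an added example (not code from the thread or from ipfw itself): a minimal first-match evaluator for the UDP rules 00400 to 00402 and the final 09000 deny from the quoted ruleset. It runs three constructed packets through the rules: the host's own outbound query, the answer coming back, and a query from a remote resolver to the host's port 53. The `$lan` address (192.0.2.10), the remote addresses and the source ports are constructed values; the interface name rl0 is from the post; the candidate rule 00403 is an assumption, not something Nelis or the reply proposed.

```python
"""Added example, not code from the thread: a tiny first-match evaluator for
the UDP-relevant rules of the quoted ipfw ruleset.  It shows why the host can
query other nameservers but other nameservers cannot query the host, and
what one extra rule changes.  $lan is assumed (constructed) to be 192.0.2.10;
'rl0' is the interface name from the post."""

LAN = "192.0.2.10"   # stands in for $lan (constructed value)
ANY = None           # wildcard, like ipfw's 'any'

# (number, action, proto, src, sport, dst, dport, direction, recv_iface)
ORIGINAL_RULES = [
    (400,  "allow", "udp", ANY, ANY, ANY, ANY, "out", ANY),   # allow udp from any to any out
    (401,  "allow", "udp", LAN, ANY, ANY, 53,  ANY,   ANY),   # allow udp from $lan to any 53
    (402,  "allow", "udp", ANY, 53,  LAN, ANY, "in",  "rl0"), # allow udp from any 53 to $lan in recv rl0
    (9000, "deny",  "ip",  ANY, ANY, ANY, ANY, ANY,   ANY),   # deny log ip from any to any
]

# One candidate fix (an assumption, not from the thread): accept queries to the
# host's own port 53 arriving on rl0, whatever source port the client used.
FIX_RULE = (403, "allow", "udp", ANY, ANY, LAN, 53, "in", "rl0")


def _ok(pattern, value):
    """A rule field matches when it is the wildcard or equals the packet's value."""
    return pattern is ANY or pattern == value


def evaluate(packet, rules):
    """Return (rule_number, action) of the first rule that matches, as ipfw
    does.  Falls through to 65535/deny, ipfw's built-in default rule."""
    for num, action, proto, src, sport, dst, dport, direction, iface in rules:
        if proto != "ip" and proto != packet["proto"]:
            continue
        if not (_ok(src, packet["src"]) and _ok(sport, packet["sport"])
                and _ok(dst, packet["dst"]) and _ok(dport, packet["dport"])
                and _ok(direction, packet["dir"]) and _ok(iface, packet["iface"])):
            continue
        return num, action
    return 65535, "deny"


def udp(src, sport, dst, dport, direction, iface="rl0"):
    """Build a constructed UDP packet description."""
    return {"proto": "udp", "src": src, "sport": sport, "dst": dst,
            "dport": dport, "dir": direction, "iface": iface}


def with_fix(rules):
    """Insert the candidate rule in numeric order so first-match semantics hold."""
    return sorted(rules + [FIX_RULE], key=lambda r: r[0])


# Constructed traffic: the host resolving a name, the answer coming back,
# and a remote resolver asking the host's own nameserver a question.
OWN_QUERY    = udp(LAN, 49152, "198.51.100.53", 53, "out")
OWN_ANSWER   = udp("198.51.100.53", 53, LAN, 49152, "in")
REMOTE_QUERY = udp("203.0.113.7", 40000, LAN, 53, "in")
REMOTE_REPLY = udp(LAN, 53, "203.0.113.7", 40000, "out")

if __name__ == "__main__":
    cases = [("own query", OWN_QUERY), ("own answer", OWN_ANSWER),
             ("remote query", REMOTE_QUERY), ("remote reply", REMOTE_REPLY)]
    for name, pkt in cases:
        print(f"{name:13} original -> {evaluate(pkt, ORIGINAL_RULES)}"
              f"   with 00403 -> {evaluate(pkt, with_fix(ORIGINAL_RULES))}")
```

With the original rules the remote query never matches 00400 (it is inbound), 00401 (its source is not `$lan`) or 00402 (its source port is 40000, not 53), so it lands on 09000 and is logged and denied, which is exactly what the reply found in the logs. One caveat on rule 00402: it trusts the remote source port, so any UDP datagram sent from source port 53 reaches every UDP port on `$lan`; since the ruleset already starts with `check-state`, adding `keep-state` to rule 00401 and dropping 00402 would let only genuine answers to the host's own queries back in.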