Actually DNS Guard in the PIX only allows one (the first) DNS response 
back.  All others are dropped.

At 01:53 PM 1/9/2002 -0800, "Chew, Freeland (Roanoke)" <[EMAIL PROTECTED]> wrote:
>Message: 4
>From: "Chew, Freeland (Roanoke)" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: Stateful Pix
>Date: Wed, 9 Jan 2002 15:36:41 -0500
>
>Yes the PIX will allow the answers to the DNS queries back in without any
>other configuration.
>
>
>Message: 4
>Date: Wed, 9 Jan 2002 10:32:19 -0200 (BRST)
>From: Edson Yamada <[EMAIL PROTECTED]>
>To: lista fw <[EMAIL PROTECTED]>
>Subject: Stateful inspection on PIX
>
>
>Hello again,
>
>Sorry if this is a stupid question.
>I've been reading the PIX docs and it's written
>that PIX is stateful.
>
>Let's suppose that a host (behind the internal
>interface) queries a DNS server that is located behind an outside
>interface.
>
>By default, all traffic that comes from the inside interface
>to the outside is allowed, so the query passes through the
>firewall, right?
>
>What about the answer? As PIX is stateful, this means
>that the answer for this specific query is allowed?
>
>If not, do I have to apply an access list to allow the
>answers?
>
>
>Thanks
>
>
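The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not Cisco code: a toy state table in which an inside-to-outside query opens a return path, and DNS Guard closes it after the first answer. The class, function names and addresses are hypothetical; keying state on the UDP 4-tuple and omitting idle timeouts are simplifying assumptions.

```python
"""Toy model of stateful UDP handling with DNS Guard-style teardown.

Constructed for illustration; names and addresses are hypothetical.
"""
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class DnsGuardFirewall:
    def __init__(self, dns_guard: bool = True):
        self.dns_guard = dns_guard
        self.state = set()  # flows opened from the inside

    def outbound(self, pkt: Packet) -> bool:
        """Inside -> outside: allowed by default, and recorded as state."""
        self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Outside -> inside: allowed only as a reply to a recorded flow."""
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.state:
            return False  # unsolicited: no matching query was seen
        if self.dns_guard and pkt.sport == 53:
            self.state.discard(key)  # first DNS answer closes the slot
        return True


def replay(dns_guard: bool) -> list:
    """One query, then a packet from an unqueried server and three answers."""
    fw = DnsGuardFirewall(dns_guard)
    query = Packet("10.0.0.5", 33000, "192.0.2.53", 53)
    answer = Packet("192.0.2.53", 53, "10.0.0.5", 33000)
    other = Packet("198.51.100.9", 53, "10.0.0.5", 33000)  # never queried
    fw.outbound(query)
    return [fw.inbound(p) for p in (other, answer, answer, answer)]


if __name__ == "__main__":
    print("DNS Guard on :", replay(True))
    print("DNS Guard off:", replay(False))
```

With DNS Guard modelled, only the first answer from the queried server passes; with it off, the slot stays open for every later packet on the same 4-tuple (a real firewall would still expire it on an idle timer).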

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls