Is this a safe ipfilter rule?

2004-07-13 Thread Luke
I'm using some rules like the following to allow unrestricted udp traffic across my firewall between my system and a set of specific ports on specific domain name servers. This is the scariest of these rules:

    pass in quick proto udp from ip.of.remote.DNS/32 port = 53 to any

Is this safe?

Re: Is this a safe ipfilter rule?

2004-07-13 Thread Giorgos Keramidas
On 2004-07-12 23:15, Luke [EMAIL PROTECTED] wrote:
> This is the scariest of these rules:
> pass in quick proto udp from ip.of.remote.DNS/32 port = 53 to any

Well, paranoia is ok sometimes. At least, as long as it doesn't stop you from doing your work ;-) However, given a good named setup (ACLs

Re: Is this a safe ipfilter rule?

2004-07-13 Thread Luke
If stateful UDP:53 is a problem because of the load you have, you might want to consider the following setup:

- Allow all packets to/from port 53 of your ISP's named (without keeping state information in the firewall).
- Set up your ISP's named as a forwarder.

Giorgos
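The two firewall variants discussed in this thread, side by side, as an added example that is not part of any poster's message. The address 192.0.2.53 is a documentation placeholder standing in for ip.of.remote.DNS, and the `forward only` line is an assumption so that the local named talks to no server other than the forwarder.

```conf
# --- ipf.conf, variant 1: stateless, as in the thread ---
# Admits every UDP datagram whose source address is the resolver and whose
# source port is 53, to any local address and any destination port.
pass in  quick proto udp from 192.0.2.53/32 port = 53 to any
pass out quick proto udp from any to 192.0.2.53/32 port = 53

# --- ipf.conf, variant 2: stateful (use instead of variant 1) ---
# Only the outbound query is matched by a rule. The reply is admitted
# through the state entry that the query created, so no "pass in" rule
# for port 53 is needed.
pass out quick proto udp from any to 192.0.2.53/32 port = 53 keep state

# --- named.conf: local named forwards to the ISP's server ---
options {
    forwarders { 192.0.2.53; };   # placeholder for the ISP's named
    forward only;                 # assumption: no direct queries to other servers
};
```

With variant 1 the filter relies only on the source address and source port of an inbound datagram, while variant 2 also requires a matching outstanding query.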