Theo Wiegmann wrote:

> >> DNS/ACCEPT $FW net
> >> DNS/ACCEPT loc $FW
>
> Thanks, Tom. That let me approach the problem from a different
> perspective. I figured out what I was doing wrong: I needed to remove
> an entry from the named.conf file:
>
> query-source port 53;
>
> Now, all queries are using randomized ports!

A lot depends on your default policies. If you have a default of allowing outgoing connections, then the first rule above is superfluous as it simply allows something that is already allowed. However, if you have a default policy to block outgoing connections, then that rule is required.

You should note that the rule matches the DESTINATION port=53 and so is unaffected by whether you use 53 or a random source port.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
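As an added example (not code from the thread, from Shorewall or from BIND): a small POSIX shell check that flags a named.conf whose query-source directive pins the outbound source port to a fixed number, which is the setting the poster had to remove to get randomized ports. The file names and contents below are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. Scans a named.conf-style file for
# "query-source" / "query-source-v6" directives that pin the outbound query
# source port to a fixed number (e.g. "query-source port 53;"). A pinned
# port disables BIND's source-port randomization; "port *" or no port
# clause leaves randomization in effect.

find_fixed_query_source_port() {
  # $1: path to the config file. Strip // and # comments first so that a
  # commented-out directive is not reported, then keep only query-source
  # lines that carry a numeric port. Exit status 1 (from grep) if none.
  sed -e 's|//.*$||' -e 's|#.*$||' "$1" \
    | grep -Ei 'query-source(-v6)?[[:space:]]' \
    | grep -Ei 'port[[:space:]]+[0-9]+'
}

check_named_conf() {
  # Returns 1 and prints the offending directive(s) if a fixed port is
  # pinned, 0 otherwise.
  hits=$(find_fixed_query_source_port "$1" || true)
  if [ -n "$hits" ]; then
    printf 'fixed query source port in %s:\n%s\n' "$1" "$hits"
    return 1
  fi
  printf '%s: query source port not pinned (randomization in effect)\n' "$1"
  return 0
}

# Constructed sample inputs (not the poster's actual named.conf).
sample_dir=$(mktemp -d)
cat >"$sample_dir/pinned.conf" <<'EOF'
options {
    directory "/var/named";
    query-source port 53;   // pins every outbound query to source port 53
};
EOF
cat >"$sample_dir/random.conf" <<'EOF'
options {
    directory "/var/named";
    // query-source port 53;  (removed, as in the thread above)
    query-source address * port *;
};
EOF

for f in "$sample_dir/pinned.conf" "$sample_dir/random.conf"; do
  check_named_conf "$f" || :   # nonzero status means a pinned port was found
done
```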
