Hello Alex,

I prefer to use rules like

DNS(ACCEPT) ext $FW

The built-in macros, mostly, ensure that you get all the requisite ports opened to do what you need.

Cheers,
Nathan

On 10/11/2011 06:25 AM, Alex wrote:
> Hi,
>
> I have a bunch of rejects in my logs like this, and wanted to make
> sure my domain rules were correct:
>
> [24280.792629] Shorewall:ext2fw:REJECT:IN=br0 OUT=
> MAC=14:da:e9:97:ab:71:00:21:a0:75:e3:12:08:00 SRC=118.97.104.210
> DST=68.XXX.YYY.44 LEN=75 TOS=0x00 PREC=0x00 TTL=114 ID=32855 PROTO=UDP
> SPT=179 DPT=53 LEN=55
>
> I have the following rules for DNS for the 68.XXX.YYY.44 ($FW) server:
>
> ACCEPT ext $FW tcp domain 53
> ACCEPT ext $FW tcp domain 1024:
> ACCEPT ext $FW udp domain 1024:
>
> Is that correct? I don't believe there should be requests arriving on
> UDP ports below 1024, correct?
>
> Any ideas for the correct domain entries would be greatly appreciated.
>
> Thanks,
> Alex

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
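
Added example, not part of either message: a Python sketch that replays the rejected packet from the quoted log against the three posted rules, reading the rule columns as ACTION SOURCE DEST PROTO DPORT SPORT. The `MACRO_RULES` expansion of DNS(ACCEPT) to udp/53 and tcp/53 with no source-port column is an assumption about the macro's contents, and all function names are hypothetical.

```python
import re

# Constructed sample: the log line quoted in the thread, trimmed to the fields used.
LOG = ("Shorewall:ext2fw:REJECT:IN=br0 OUT= SRC=118.97.104.210 "
       "DST=68.XXX.YYY.44 PROTO=UDP SPT=179 DPT=53 LEN=55")

# The rules as posted. Columns: ACTION SOURCE DEST PROTO DPORT SPORT.
POSTED_RULES = """\
ACCEPT ext $FW tcp domain 53
ACCEPT ext $FW tcp domain 1024:
ACCEPT ext $FW udp domain 1024:"""

# Assumption: what DNS(ACCEPT) ext $FW expands to (no SPORT restriction).
MACRO_RULES = """\
ACCEPT ext $FW udp 53
ACCEPT ext $FW tcp 53"""

SERVICES = {"domain": 53}  # service name used in the posted rules


def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter log line as a dict."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def port_match(spec, port):
    """Match a port against '-', a service name, a number, or a 'lo:hi' range."""
    if spec == "-":
        return True
    if ":" in spec:
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    wanted = int(spec) if spec.isdigit() else SERVICES.get(spec)
    return wanted == port


def first_match(rules, pkt):
    """Return the first rule line matching the packet, or None.

    Zones are not evaluated: the ext2fw log prefix already says the packet
    travelled ext -> $FW, the same pair every rule here names.
    """
    for line in rules.splitlines():
        cols = line.split() + ["-", "-"]  # missing DPORT/SPORT mean "any"
        proto, dport, sport = cols[3:6]
        if (proto == pkt["PROTO"].lower()
                and port_match(dport, int(pkt["DPT"]))
                and port_match(sport, int(pkt["SPT"]))):
            return line
    return None
```

With the logged packet, `first_match(POSTED_RULES, parse_log(LOG))` returns `None` because the only UDP rule requires a source port of 1024 or higher and the packet has SPT=179, while the assumed macro expansion matches on destination port alone.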
