On Wed, Aug 23, 2000 at 07:25:10AM +1000, Umar Goldeli said:
--> Not necessarily - remember that all your queries will *go* to a port 53
--> of the other dns servers.. so you can define an inbound rule of dest port
--> = 53. To let that stream continue happily.
But having an inbound rule allowing port 53 traffic in isn't going to help much if the
traffic isn't coming back in to port 53.. i.e. if bind makes a query from say port
1534, how is the reply data going to get back in if you don't have that port opened in
your firewalling?
Now sure, you could add an inbound rule of src port = 53 which would get around this..
- but then you've just circumvented your whole firewall, as all the hax0r that wants
to get into your box has to do is use a source port of 53, and they have full access
to your machine.. :\
Regards,
Damien Gardner Jnr - Dip.EE StudIEAust
[EMAIL PROTECTED] - http://www.rendrag.net/
Ph: 0417 055 052 - Fax: 02 6299 9713
-- A hard-on does NOT count as personal growth.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
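The bypass described above, as an added example that is not part of the original message or of any firewall product: a small Python model of a stateless filter that admits anything with source port 53, beside a stateful filter that only admits an inbound packet when it mirrors an outbound query this host actually sent (the way Linux connection tracking does with ESTABLISHED/RELATED). The packets and IP addresses are constructed for the example; the flow-table logic is a simplification of real conntrack, which ages entries out on a timeout rather than dropping them after one reply.

```python
"""
Stateless 'accept src port 53' rule vs. stateful reply matching.
All packets and addresses below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" (leaving our box) or "in" (arriving at our box)


OUR_IP = "192.0.2.10"           # the firewalled box running bind (example address)
UPSTREAM_DNS = "198.51.100.53"  # DNS server we forward queries to (example address)
ATTACKER_IP = "203.0.113.99"    # hax0r (example address)


def stateless_allow_sport53(pkt: Packet) -> bool:
    """The rule from the thread: let anything in whose source port is 53."""
    if pkt.direction == "out":
        return True
    return pkt.src_port == 53


class StatefulFilter:
    """Only admit inbound packets that answer an outbound query we recorded."""

    def __init__(self) -> None:
        # Outbound flows keyed as (our_ip, our_port, their_ip, their_port).
        self.flows: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.dst_port == 53:  # a DNS query leaving from an ephemeral port
                self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: the reply must be the exact mirror of a query we sent.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.flows:
            self.flows.discard(key)  # simplification: one UDP reply per query
            return True
        return False


def run_scenario() -> dict[str, bool]:
    """Replay the same three inbound packets through both filters."""
    query = Packet(OUR_IP, 1534, UPSTREAM_DNS, 53, "out")       # bind asks from port 1534
    reply = Packet(UPSTREAM_DNS, 53, OUR_IP, 1534, "in")        # legitimate answer
    attack = Packet(ATTACKER_IP, 53, OUR_IP, 22, "in")          # sport 53 -> ssh
    unsolicited = Packet(UPSTREAM_DNS, 53, OUR_IP, 1534, "in")  # second, unasked-for "reply"

    stateful = StatefulFilter()
    stateful.allow(query)  # record the outbound query first

    results = {
        "stateless_reply": stateless_allow_sport53(reply),
        "stateless_attack": stateless_allow_sport53(attack),
        "stateful_reply": stateful.allow(reply),
        "stateful_attack": stateful.allow(attack),
        "stateful_unsolicited": stateful.allow(unsolicited),
    }
    return results


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(f"{name:22s} {'ACCEPT' if allowed else 'DROP'}")
```

The stateless rule accepts the real reply and the attacker's packet alike, because it only ever looks at the source port. The stateful filter accepts the reply to the query it saw leave, and drops both the port-53-sourced connection to ssh and a second "reply" nothing asked for; that is the property the "src port = 53" rule gives up.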