On Tue, Apr 10, 2018 at 13:40:44 -0700,
 Rick Stevens <ri...@alldigital.com> wrote:
> True, but old DNS uses UDP and thus the responses aren't "related" to a
> given query (a stateful firewall couldn't necessarily determine that an
> incoming DNS UDP reply was solicited or not).

I think related is fudged for UDP by noting destination and source IPs and port numbers and allowing inbound UDP packets that match those IP and port numbers through for some period of time (my memory is 5 minutes). This will work for most DNS.
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
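
The address-and-port matching described in the reply above, as an added example that is not part of the original post: a toy Python model of a UDP state table. The class name, the documentation-range addresses and the 300-second default (the figure recalled in the post) are assumptions for illustration, not the behaviour of any particular firewall.

```python
from typing import Dict, List, Tuple

Flow = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


class UdpStateTable:
    """Toy model of how a stateful firewall approximates 'related' for UDP."""

    def __init__(self, timeout: float = 300.0) -> None:
        # 300 s mirrors the 5 minutes recalled in the post (assumption);
        # real firewalls use their own, usually configurable, values.
        self.timeout = timeout
        self._expiry: Dict[Flow, float] = {}

    def outbound(self, src_ip: str, src_port: int,
                 dst_ip: str, dst_port: int, now: float) -> None:
        """Note an outgoing datagram and (re)start the timer for its flow."""
        self._expiry[(src_ip, src_port, dst_ip, dst_port)] = now + self.timeout

    def inbound_allowed(self, src_ip: str, src_port: int,
                        dst_ip: str, dst_port: int, now: float) -> bool:
        """Accept an incoming datagram only if it mirrors a live outbound flow.

        Only addresses and ports are compared; the DNS payload is never read.
        """
        key = (dst_ip, dst_port, src_ip, src_port)  # the outbound tuple, reversed
        expires = self._expiry.get(key)
        if expires is None:
            return False
        if now > expires:
            del self._expiry[key]  # entry aged out, forget the flow
            return False
        return True


def demo() -> List[bool]:
    """Constructed traffic: one DNS query from a client, four candidate replies."""
    table = UdpStateTable()
    table.outbound("192.0.2.10", 40000, "198.51.100.53", 53, now=0.0)
    return [
        table.inbound_allowed("198.51.100.53", 53, "192.0.2.10", 40000, now=1.0),    # the queried server
        table.inbound_allowed("203.0.113.7", 53, "192.0.2.10", 40000, now=1.0),      # a different address
        table.inbound_allowed("198.51.100.53", 53, "192.0.2.10", 40001, now=1.0),    # a different local port
        table.inbound_allowed("198.51.100.53", 53, "192.0.2.10", 40000, now=301.0),  # after the timeout
    ]


if __name__ == "__main__":
    print(demo())
```

The second case is why the matching works for most DNS rather than all of it: a reply that arrives from an address other than the one queried has no entry to match.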
