-----Original Message-----
From: Robert Moskowitz <r...@htt-consult.com>
Date: Friday, February 15, 2013 1:33 PM
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: Randoming ports and firewall rules
> So it is past time for me to only use port 53 and support port
> randomization. But I do run iptables (and ip6tables) and the server
> sits behind a Juniper SSG firewall.
>
> Where are there instructions for setting up iptables for port
> randomization
>
> and for general firewall rules (I doubt I will find specific for my
> Juniper).

I'm likely misunderstanding the question, but I think stateful firewalls will address this for you. Unlike the days of ipchains, iptables makes this easy... as should any commercial firewall. The idea being that when you receive a query on 53/tcp or 53/udp and answer back on a random src port, that entire conversation is tracked as one session and therefore succeeds without a bunch of extra rules (the stateful rules are generated and expired on the fly).

https://wiki.archlinux.org/index.php/Simple_Stateful_Firewall

Fully agreed that you need to leverage src port randomization in the modern world.
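As an added example (not part of the list message, and not Robert's or ISC's configuration), the following script emits the kind of stateful iptables ruleset the reply describes: inbound queries are admitted only as NEW sessions to port 53, and replies to the server's own outbound queries, sent from randomized source ports, are admitted by the conntrack RELATED,ESTABLISHED match rather than by any rule naming a port range. The ipchains-era "trust anything from source port 53" rule is included beside it only as the weak setting to contrast against. Chain names, the `--apply` flag and the helper functions are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the bind-users thread. Assumes iptables with
# the conntrack match (any modern Linux kernel); the --apply flag and the
# function names are this script's own conventions.

# Emit the ruleset in iptables-restore format on stdout.
dns_firewall_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed (rndc, local resolver on 127.0.0.1).
-A INPUT -i lo -j ACCEPT
# The stateful core: replies to queries we sent from a randomized source port
# are matched here by conntrack, so no rule ever has to name that port.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Inbound queries to this server: new UDP and TCP sessions to port 53 only.
-A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 53 --syn -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# The ipchains-era alternative the reply contrasts with: trusting any packet
# whose source port is 53. It admits traffic to every local port as long as
# the sender picks source port 53, which is why the conntrack rule above
# replaces it.
legacy_sport_rule() {
    echo '-A INPUT -p udp --sport 53 -j ACCEPT'
}

# Return 0 when the ruleset relies on connection tracking and neither trusts
# --sport 53 nor opens a high-port range for replies.
ruleset_is_stateful() {
    rules="$(dns_firewall_rules)"
    printf '%s\n' "$rules" | grep -q -- '--ctstate RELATED,ESTABLISHED' || return 1
    printf '%s\n' "$rules" | grep -q -- '--sport 53' && return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 1024:65535' && return 1
    return 0
}

# Load the rules only when explicitly asked and running as root; otherwise
# print them so they can be reviewed first.
if [ "$1" = "--apply" ] && [ "$(id -u)" = "0" ]; then
    dns_firewall_rules | iptables-restore
else
    dns_firewall_rules
fi
```

The same file loads unchanged with ip6tables-restore for the IPv6 side, with the caveat that an IPv6 host additionally needs ICMPv6 (neighbor discovery) accepted in INPUT. Because conntrack creates the UDP entry on the first outbound packet, the reply to a query must arrive before that entry expires (30 seconds by default for a single-packet UDP exchange on Linux), which is ample for DNS.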