-----Original Message-----
From: Robert Moskowitz <[email protected]>
Date: Friday, February 15, 2013 1:33 PM
To: "[email protected]" <[email protected]>
Subject: Randoming ports and firewall rules

> So it is past time for me to only use port 53 and support port
> randomization. But I do run iptables (and ip6tables) and the server
> sits behind a Juniper SSG firewall.
>
> Where are there instructions for setting up iptables for port
> randomization
>
> and for general firewall rules (I doubt I will find specific for my
> Juniper).

I'm likely misunderstanding the question, but I think stateful firewalls will address this for you. Unlike the days of ipchains, iptables makes this easy...as should any commercial firewall. The idea being that when you receive a query on 53/tcp or 53/udp and answer back on a random src port, that entire conversation is tracked as one session and therefore succeeds without a bunch of extra rules (the stateful rules are generated and expired on the fly).

https://wiki.archlinux.org/index.php/Simple_Stateful_Firewall

Fully agreed that you need to leverage src port randomization in the modern world.

_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users

