./[EMAIL PROTECTED] wrote:
> ${fwcmd} add allow udp from any 1024-65535,53 to any 53
> ${fwcmd} add allow udp from any 53 to any 1024-65535
That ruleset is a really bad idea. Imagine the following scenario: You
run a vulnerable service (bind, sendmail, you name it), Joe Haxor
launches an exploit a
y Edigarov" <[EMAIL PROTECTED]>
Subject: Re: ipfw keep-state (ASAP answer need)
> On Tue, 09 Dec 2003, Rob wrote:
>
> > ipfw add 4100 allow udp from me to any 53 keep-state
> > ipfw add 4200 allow udp from any to me 53 keep-state
> It doesn't work.
>
AIL PROTECTED]>
Subject: ipfw keep-state (ASAP answer need)
> Hello,
>
> The following is a fragment of my rc.firewall which must allow all
> traffic in and out of my named.
>
>
> ipfw add 4100 allow udp from me to any 53 keep-state
> ipfw add 4200 allow udp from any to me
${fwcmd} add allow udp from any 1024-65535,53 to any 53
${fwcmd} add allow udp from any 53 to any 1024-65535
- Original Message -
From: "Gregory Edigarov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 09, 2003 5:32 PM
Subject: ipfw keep-s
Hello,
The following is a fragment of my rc.firewall which must allow all
traffic in and out of my named.
ipfw add 4100 allow udp from me to any 53 keep-state
ipfw add 4200 allow udp from any to me 53
ipfw add 4300 allow udp from me 53 to any
---
This is a fragment from my kernel configuratio