ipfw lost its mind?

2005-03-03 Thread Paul Schmehl
I maintain a small hobby website running on FreeBSD 4.9 SECURITY. I'm paranoid about security and religious about updates (kernel and ports). Recently, the server began to exhibit odd behavior that looked for all the world like name resolution issues. I had recently updated bind to 9.0.3_1,

Re: ipfw lost its mind?

2005-03-03 Thread Chuck Swiger
Paul Schmehl wrote: [ ... ] So, I removed rule 1 and created a new one like this: ipfw add 00050 allow ip from {my workstation at work} to any. I then ssh'd to my workstation and attempted to ssh back to the server. No go. Yet ipfw show shows an increased packet count on the counter for

Re: ipfw lost its mind?

2005-03-03 Thread Paul Schmehl
--On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger [EMAIL PROTECTED] wrote: TCP connections are bidirectional, therefore you need to add rules which allow traffic from all back to your workstation, or else use keep-state and check-state to use dynamic rules. The firewall script

RE: ipfw lost its mind?

2005-03-03 Thread Subhro
: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Paul Schmehl Sent: Friday, March 04, 2005 1:09 To: FreeBSD questions Subject: Re: ipfw lost its mind? --On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger [EMAIL PROTECTED] wrote: TCP connections

RE: ipfw lost its mind?

2005-03-03 Thread Paul Schmehl
--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro [EMAIL PROTECTED] wrote: Do you block UDP? First question would be - which direction? I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns request would be answered. I am asking this because, I *used* to do a block on all

RE: ipfw lost its mind?

2005-03-03 Thread Subhro
-Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Paul Schmehl Sent: Friday, March 04, 2005 1:51 To: 'FreeBSD questions' Subject: RE: ipfw lost its mind? --On Friday, March 04, 2005 01:21:11 AM +0530 Subhro [EMAIL PROTECTED] wrote