bind 9.2 firewall conf
Eivind Olsen
eivind.olsen at ttyl.com
Fri Mar 15 09:46:18 UTC 2002
I'm not too familiar with ipchains, but there are some things here that I
think could be changed:
> -A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
Do you really need to have FTP open (is that what this rule does?)
> -A input -s 205.205.218.5 53 -d 0/0 -p udp -j ACCEPT
It looks like this opens port 53 udp. What is "-s 205.205.218.5"? Is that
the host that's allowed to contact on port 53, or is it the local host's
address? (Like I said, I'm not too familiar with ipchains - my primary OS
now is FreeBSD).
You should also open port 53 TCP. DNS isn't just UDP.
--
Talk To You Later
Eivind Olsen
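
An added example, not part of the original message: a small audit that reads rules of the shape quoted above and reports every ACCEPT rule that passes port 53 over UDP without a TCP rule for the same chain, addresses and ports. The function names and the restriction to the `-A`, `-s`, `-d`, `-p`, `-y` and `-j` options are assumptions of this sketch, and ports are expected as plain numbers.

```python
import shlex

# Constructed sample: the two rules quoted in the message above.
SAMPLE_RULES = """\
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 205.205.218.5 53 -d 0/0 -p udp -j ACCEPT
"""

OPTION_FIELDS = {"-A": "chain", "-p": "proto", "-j": "target"}


def parse_rule(line):
    """Parse one rule; only the options seen in the quoted rules are handled."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(
        ("chain", "src", "sport", "dst", "dport", "proto", "target"))
    rule["syn"] = False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-s", "-d"):
            addr, port = ("src", "sport") if tok == "-s" else ("dst", "dport")
            rule[addr] = tokens[i + 1]
            i += 2
            # An optional port may follow the address, as in "-d 0/0 21".
            if i < len(tokens) and not tokens[i].startswith("-"):
                rule[port] = tokens[i]
                i += 1
        elif tok == "-y":
            rule["syn"] = True
            i += 1
        elif tok in OPTION_FIELDS:
            rule[OPTION_FIELDS[tok]] = tokens[i + 1]
            i += 2
        else:
            raise ValueError("option not handled by this sketch: " + tok)
    return rule


def udp53_without_tcp(text):
    """Return ACCEPT rules passing port 53/udp that have no TCP twin."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    accepted = [r for r in rules if r["target"] == "ACCEPT"]
    key = lambda r: (r["chain"], r["src"], r["sport"], r["dst"], r["dport"])
    tcp_keys = {key(r) for r in accepted if r["proto"] == "tcp"}
    return [r for r in accepted
            if r["proto"] == "udp" and "53" in (r["sport"], r["dport"])
            and key(r) not in tcp_keys]
```
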