
Re: [cobalt-security] Ipchains and dns



Hi Robbert,

> I did indeed obscure it.

Ah, very good.

> > For ipchains I use this chain instead:
> >
> >         $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
> >         $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
>
> $REMOTENET => how did you enter the range ??

$REMOTENET is set to 0/0
$LOCALNET is set to the DNS server IP address. 

> say i have 217.100.169.115 as DNS server
> 217.100.169.114 server ip
> 217.100.169.1 gateway (all fake btw)
>
> how should the rule read then ?

$IPCHAINS -A input -p tcp -s 0/0 -d 217.100.169.115/32 53 -j ACCEPT
$IPCHAINS -A input -p udp -s 0/0 -d 217.100.169.115/32 53 -j ACCEPT

After all, we want port 53 just to be open to the outside world on the IP 
address of the DNS server. And we want to allow both UDP and TCP.

-- 

With best regards,

Michael Stauber
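The two rules above, turned into a small script, as an added example that is not part of the original thread. It generalizes the reply slightly: it accepts one or more DNS server addresses, rejects anything that is not a dotted-quad IPv4 address before it touches the chain, and always pins the destination to a single host (/32) so port 53 is not opened across the whole subnet. The IPCHAINS variable is assumed to point at the ipchains binary; it defaults to echo here so the script can be run as a dry run on any machine.

```shell
#!/bin/sh
# Added example, not code from the original post. Opens DNS (tcp and udp 53)
# to the world only on the listed resolver addresses, mirroring the rules in
# the reply above. IPCHAINS is an assumption: set it to the real binary on a
# firewall host; the default of "echo" just prints the rules (dry run).
IPCHAINS=${IPCHAINS:-echo}
REMOTENET=0/0            # any source, as in the thread

# Sanity check: four dotted decimal octets, each 0-255.
is_ipv4() {
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit ACCEPT rules for tcp and udp port 53 for each DNS server IP given.
# TCP is kept alongside UDP because responses larger than 512 bytes and zone
# transfers fall back to TCP. The destination is always a /32, never the net.
dns_rules() {
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    $IPCHAINS -A input -p tcp -s "$REMOTENET" -d "$ip/32" 53 -j ACCEPT
    $IPCHAINS -A input -p udp -s "$REMOTENET" -d "$ip/32" 53 -j ACCEPT
  done
}

# Constructed sample: the (fake) DNS server address from the thread.
dns_rules 217.100.169.115
```

Run it as-is to see the rules it would add; set IPCHAINS=/sbin/ipchains on the firewall host to apply them. Because the loop stops at the first malformed address, a typo in the list never produces a half-applied rule set.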