Error in Handbook
Giorgos Keramidas
keramida at ceid.upatras.gr
Thu Feb 3 03:30:31 UTC 2005
On 2005-02-02 14:11, Graham Dresch <gdresch at spcint.com> wrote:
>
> In Chapter 24 Firewalls:
> Section 24.6.5.7:
> Example ruleset #2:
>
> $cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
>                ^^^                                    ^^^^^
>
> DNS uses UDP, setup is inapplicable to UDP
Actually, DNS uses both UDP and TCP. The size of a DNS UDP packet has
an upper limit. If the data that needs to be transferred exceeds that
limit, TCP is used.
> The line should read:
>
> $cmd 020 $skip udp from any to x.x.x.x 53 out via $pif keep-state
It should probably remain as it is, and a TCP-specific line should be
added. Ruleset #2 is supposed to be identical to ruleset #1, which
includes these rules:
$cmd 00110 allow tcp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 00111 allow udp from any to x.x.x.x 53 out via $pif keep-state
- Giorgos
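As an added example (not code from the thread or the Handbook), a small Python audit that parses rules written in the Handbook's $cmd style and reports whether DNS egress is covered statefully over both transports, which is the point made above; the sample ruleset, the finding codes and the rule grammar it accepts are my own construction.

```python
"""Audit an ipfw ruleset for stateful DNS egress over both UDP and TCP."""
import re

# Constructed sample in the Handbook's $cmd/$pif style (not from the page).
SAMPLE_RULESET = """\
$cmd 00010 allow ip from any to any via lo0
$cmd 00110 allow tcp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 00111 allow udp from any to x.x.x.x 53 out via $pif keep-state
$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
"""

# Minimal grammar: "$cmd NUM ACTION PROTO from SRC to DST [PORT] OPTIONS..."
RULE_RE = re.compile(
    r"^\$cmd\s+(?P<num>\d+)\s+(?P<action>\S+)\s+(?P<proto>tcp|udp|ip)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+(?P<port>\d+))?\s*(?P<rest>.*)$"
)


def parse_rules(text):
    """Parse $cmd lines into dicts; lines that are not rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        opts = r["rest"].split()
        r["port"] = int(r["port"]) if r["port"] else None
        r["out"] = "out" in opts
        r["setup"] = "setup" in opts          # tcpflags syn,!ack shorthand: TCP only
        r["keep_state"] = "keep-state" in opts
        rules.append(r)
    return rules


def audit_dns(text, port=53):
    """Return (code, message) findings; empty means DNS egress is allowed
    statefully over both transports, as in the Handbook's ruleset #1."""
    findings = []
    dns = {r["proto"]: r for r in parse_rules(text)
           if r["port"] == port and r["out"] and r["action"] != "deny"}
    if "ip" in dns:   # a protocol-agnostic rule already covers both transports
        return findings
    if "tcp" not in dns:
        findings.append(("MISSING_TCP", "no TCP rule to port %d: answers that exceed the UDP "
                         "size limit are retried over TCP and would be blocked" % port))
    elif not (dns["tcp"]["setup"] and dns["tcp"]["keep_state"]):
        findings.append(("TCP_NOT_STATEFUL", "TCP rule should use 'setup keep-state' so only "
                         "the outbound SYN creates a dynamic rule"))
    if "udp" not in dns:
        findings.append(("MISSING_UDP", "no UDP rule to port %d: ordinary queries blocked" % port))
    else:
        if dns["udp"]["setup"]:
            findings.append(("UDP_WITH_SETUP", "'setup' matches TCP SYN flags only; a udp rule "
                             "carrying it cannot match"))
        if not dns["udp"]["keep_state"]:
            findings.append(("UDP_NOT_STATEFUL", "UDP rule needs 'keep-state' to admit the reply"))
    return findings
```

Running `audit_dns(SAMPLE_RULESET)` returns no findings, while a ruleset that keeps only the udp line proposed in the quoted report is flagged with MISSING_TCP.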