public network traffic to my ip address port 53
Matthew Seaman
matthew at freebsd.org
Thu Mar 19 15:10:34 UTC 2015
On 03/19/15 14:52, Ernie Luzar wrote:
> In my firewall log I see thousands of udp packets from ip addresses all
> over the world trying to access my FreeBSD gateway server on port 53.
> Right now I am blocking them and see no negative effects.
> Is there any valid reason to allow these unsolicited inbound packets
> access to my system on port 53?
This is DNS traffic. There's no need to allow people from outside to
connect into your systems unless you're running an authoritative DNS
server, but you should be aware that most of the DNS traffic you see
will probably have originated from your own systems, and you are seeing
the responses to queries your users have made. This will frequently
involve servers not obviously related to the addresses you're looking
up, as your systems try and find the right authoritative servers.
Note that while DNS is (mostly) a UDP protocol, and UDP is stateless, so
all you can see are packets going in various directions and no
established connections, any stateful firewall such as pf or ipfw will
allow you to permit outgoing queries only, by using stateful firewall rules.
Cheers,
Matthew
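The stateful rule set described above, written out for pf as an added example (not part of the original thread): interface names and the LAN prefix are assumptions, and the point is that replies to the gateway's own outbound queries are admitted by the state table while unsolicited inbound port-53 packets are dropped and logged.

```pf
# /etc/pf.conf fragment for a FreeBSD gateway (example; names are assumptions)
ext_if  = "em0"              # assumed external interface
int_if  = "em1"              # assumed internal LAN interface
lan_net = "192.168.1.0/24"   # assumed internal prefix

set skip on lo0

# Default deny inbound on the external side. Logging keeps the unsolicited
# port-53 probes visible in pflog without letting them reach a listener.
block in log on $ext_if all

# Outbound DNS from the gateway itself. The outgoing query creates a state
# entry; the reply (source port 53 back to our ephemeral port) matches that
# entry and is passed, so no separate "pass in ... port 53" rule is needed.
pass out on $ext_if proto { udp, tcp } from ($ext_if) to any port 53 keep state

# Internal clients may query only the gateway's own resolver, not the world.
pass in on $int_if proto { udp, tcp } from $lan_net to ($int_if) port 53 keep state
```

Check the syntax without loading it using `pfctl -nf /etc/pf.conf`, and confirm with `pfctl -ss | grep :53` that only states created by outbound queries exist.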