public network traffic to my ip address port 53
Ernie Luzar
luzar722 at gmail.com
Thu Mar 19 15:31:37 UTC 2015
Matthew Seaman wrote:
> On 03/19/15 14:52, Ernie Luzar wrote:
>
>> In my firewall log I see thousands of udp packets from ip addresses all
>> over the world trying to access my freebsd gateway server on port 53.
>> Right now I am blocking them and see no negative effects.
>> Is there any valid reason to allow these unsolicited inbound packets
>> access to my system on port 53?
>>
>
> This is DNS traffic. There's no need to allow people from outside to
> connect into your systems unless you're running an authoritative DNS
> server, but you should be aware that most of the DNS traffic you see
> will probably have originated from your own systems, and you are seeing
> the responses to queries your users have made. This will frequently
> involve servers not obviously related to the addresses you're looking
> up, as your systems try and find the right authoritative servers.
>
> Note that while DNS is (mostly) a UDP protocol, and UDP is stateless, so
> all you can see are packets going in various directions and no
> established connections, any stateful firewall such as pf or ipfw will
> allow you to permit outgoing queries only, by using stateful firewall rules.
>
> Cheers,
>
> Matthew
>
>
>
I am running ipfilter and it also has stateful UDP rules. That is how I
know this inbound DNS traffic is unsolicited.
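As an added illustration of the stateful approach discussed in this thread (not a ruleset from either poster), here is an ipfilter configuration for a gateway that lets its own outbound DNS queries out and their replies back in, while logging and dropping unsolicited inbound port 53 traffic. Interface names em0 (outside) and em1 (LAN) and the LAN prefix 192.168.1.0/24 are assumed.

```conf
# /etc/ipf.rules (example, assumed interface names and addresses)
# Rules are evaluated top to bottom; "quick" stops at the first match.

# Outbound DNS from the gateway itself (or from a recursive resolver on it).
# "keep state" creates a state-table entry so the UDP reply from the
# upstream server is accepted by the state table, not by any inbound rule.
pass out quick on em0 proto udp from any to any port = 53 keep state
# DNS over TCP (zone transfers, large responses): same idea, match on SYN.
pass out quick on em0 proto tcp from any to any port = 53 flags S keep state

# LAN clients may query a resolver on the gateway's inside interface.
pass in quick on em1 proto udp from 192.168.1.0/24 to any port = 53 keep state
pass in quick on em1 proto tcp from 192.168.1.0/24 to any port = 53 flags S keep state

# Anything reaching the outside interface on port 53 that did not match a
# state entry is unsolicited. Log it (ipmon) and drop it. Because the
# keep-state rules above already admitted legitimate replies, this does not
# break name resolution.
block in log quick on em0 proto udp from any to any port = 53
block in log quick on em0 proto tcp from any to any port = 53

# Default deny on the outside interface for everything else not stated.
block in log quick on em0 all
```

Load with `ipf -Fa -f /etc/ipf.rules` and inspect the live state table with `ipfstat -s` to confirm that outbound queries create entries and that the logged port 53 hits are only those without a matching state.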