[afnog] Resolver issues - Resolved.

Brian Candler B.Candler at pobox.com
Mon Apr 10 21:17:51 EAT 2006


On Mon, Apr 10, 2006 at 08:27:16PM +0300, Michuki Mwangi wrote:
> Comparing the files with an older file just led me to this. What a day! :(
> 
> 
> # Allow DNS queries out in the world
>         ${fwcmd} add pass udp from ${ip} to any 53 keep-state
> 						   ^^^^^^^^^^^

Good work. And for anyone watching this: notice how useful good
configuration management is - that is, keeping a record of every version of
every file you've touched, so you can compare today's config with last
week's.

When working with packet filters, you may also find that ending your ruleset
with a "deny all and log" rule is useful (although this will also log lots
of useless junk when people port-scan you).

Regards,

Brian.
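
The version comparison recommended above, as an added example that is not part of the original message: a POSIX shell helper that keeps numbered snapshots of a config file and diffs the two newest. The function names, the `history` directory and the two sample rule lines (constructed from the quoted rule) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: numbered snapshots of a config file, plus a diff of the
# two newest. Function names and the history directory are assumptions.

# latest_version BASE: highest N for which BASE.N exists (0 if none).
latest_version() {
    n=0
    while [ -e "$1.$((n + 1))" ]; do n=$((n + 1)); done
    echo "$n"
}

# snapshot FILE DIR: copy FILE to DIR/NAME.N+1 if it differs from the newest
# snapshot. Prints the new path; returns 1 if nothing changed.
snapshot() {
    base="$2/$(basename "$1")"
    mkdir -p "$2" || return 2
    n=$(latest_version "$base")
    if [ "$n" -gt 0 ] && cmp -s "$1" "$base.$n"; then
        return 1
    fi
    cp -p "$1" "$base.$((n + 1))" && echo "$base.$((n + 1))"
}

# changes FILE DIR: unified diff between the two newest snapshots of FILE.
changes() {
    base="$2/$(basename "$1")"
    n=$(latest_version "$base")
    [ "$n" -ge 2 ] || return 0
    # diff exits 1 when the files differ; only exit status 2 is an error.
    diff -u "$base.$((n - 1))" "$base.$n" || [ $? -eq 1 ]
}

# Constructed sample: two versions of one rule that differ by a single token.
demo() {
    work=$(mktemp -d) || return 2
    printf '%s\n' '${fwcmd} add pass udp from ${ip} to any 53 keep-state' \
        > "$work/rc.firewall"
    snapshot "$work/rc.firewall" "$work/history" > /dev/null
    printf '%s\n' '${fwcmd} add pass udp from ${ip} to any 53' \
        > "$work/rc.firewall"
    snapshot "$work/rc.firewall" "$work/history" > /dev/null
    changes "$work/rc.firewall" "$work/history"
    rm -rf "$work"
}

demo
```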


