IPFW rule set snippet:
Code:
# allow dns to function
$cmd 00430 permit tcp from $ip to any 53 out via $pif setup keep-state
$cmd 00431 permit udp from $ip to any 53 out via $pif keep-state
$cmd 00432 permit udp from $csgnet to $ip 53 in via $pif $ks
$cmd 00433 permit tcp from $csgnet to $ip 53 in via $pif setup $ks
# deny and log all other inbound traffic
$cmd 60999 deny log all from any to any in via $pif
$cmd 65530 deny log ip from any to any
Yet I am seeing this occasionally in /var/log/security:
Code:
Apr 5 13:23:22 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.41:49945 out via em0
Apr 5 13:23:22 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.40:60427 out via em0
Apr 5 13:23:36 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.41:50655 out via em0
This host is a DNS server - and from what I can tell, it is working for the most part. When those denials occur, I also get the following in /var/log/messages:
Code:
Apr 5 13:45:08 server named[67638]: client 10.0.0.40#61838: error sending response: permission denied
Apr 5 13:45:08 server named[67638]: client 10.0.0.40#59771: error sending response: permission denied
Apr 5 13:45:09 server named[67638]: client 10.0.0.41#50432: error sending response: permission denied
I know what rule is doing the denial, but I'm wondering how the packet is getting there without matching the earlier permit rules. This rule set has no skipto rules.
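As an added example (not part of the original post, and not FreeBSD or BIND code), here is a small Python script that parses the two log excerpts above and correlates them: it pulls the rule number, protocol, addresses and direction out of each `ipfw:` line, pulls the client address out of each `named` "error sending response" line, and then reports which clients had DNS answers (outbound packets from port 53) refused by the firewall. The log lines are the post's own, plus one constructed inbound denial by rule 60999 (address 198.51.100.7 is a documentation range) so that the per-rule summary has more than one key.

```python
import re
from collections import Counter

# Constructed sample input: the three lines from the post's /var/log/security
# excerpt plus one made-up inbound denial (rule 60999, documentation address).
SECURITY_LOG = """\
Apr 5 13:23:22 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.41:49945 out via em0
Apr 5 13:23:22 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.40:60427 out via em0
Apr 5 13:23:36 server kernel: ipfw: 65530 Deny UDP 10.100.31.12:53 10.0.0.41:50655 out via em0
Apr 5 13:24:01 server kernel: ipfw: 60999 Deny TCP 198.51.100.7:4444 10.100.31.12:22 in via em0
"""

# Constructed sample input: the three named lines from the post's /var/log/messages excerpt.
MESSAGES_LOG = """\
Apr 5 13:45:08 server named[67638]: client 10.0.0.40#61838: error sending response: permission denied
Apr 5 13:45:08 server named[67638]: client 10.0.0.40#59771: error sending response: permission denied
Apr 5 13:45:09 server named[67638]: client 10.0.0.41#50432: error sending response: permission denied
"""

# Shape of an ipfw log line: "ipfw: <rule> <Action> <PROTO> <src>:<sport> <dst>:<dport> <in|out> via <iface>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)

# Shape of the named error: "named[<pid>]: client <addr>#<port>: error sending response: permission denied"
NAMED_RE = re.compile(
    r"named\[\d+\]: client (?P<client>[\d.]+)#(?P<port>\d+): "
    r"error sending response: permission denied"
)


def parse_ipfw(text):
    """Return one dict per ipfw log line; numeric fields are converted to int."""
    events = []
    for line in text.splitlines():
        m = IPFW_RE.search(line)
        if not m:
            continue  # not an ipfw line (or an unrecognised format); skip it
        ev = m.groupdict()
        for key in ("rule", "sport", "dport"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events


def parse_named_send_errors(text):
    """Return (client_address, client_port) for every named 'permission denied' send error."""
    return [
        (m.group("client"), int(m.group("port")))
        for line in text.splitlines()
        for m in [NAMED_RE.search(line)]
        if m
    ]


def denials_by_rule(events):
    """How many denies each rule number produced (which rule the packets fell through to)."""
    return Counter(ev["rule"] for ev in events if ev["action"] == "Deny")


def blocked_dns_responses(events, dns_port=53):
    """Clients whose DNS answers were dropped: outbound denies with source port 53.

    An outbound packet from the server's own port 53 is a reply to a query that
    already came in, so a deny here means the reply did not match the dynamic
    state the inbound keep-state rule was expected to create.
    """
    return Counter(
        ev["dst"]
        for ev in events
        if ev["action"] == "Deny" and ev["direction"] == "out" and ev["sport"] == dns_port
    )


def corroborate(events, named_errors):
    """Clients reported by both sources: named tried to answer, ipfw refused the packet."""
    ipfw_clients = set(blocked_dns_responses(events))
    named_clients = {client for client, _ in named_errors}
    return sorted(ipfw_clients & named_clients)


if __name__ == "__main__":
    evs = parse_ipfw(SECURITY_LOG)
    errs = parse_named_send_errors(MESSAGES_LOG)
    print("denies per rule:", dict(denials_by_rule(evs)))
    print("dropped DNS answers per client:", dict(blocked_dns_responses(evs)))
    print("clients seen in both logs:", corroborate(evs, errs))
```

Run it against the real files (`parse_ipfw(open('/var/log/security').read())`) to see whether every dropped answer lands on the final catch-all rule and whether the affected clients line up with named's send errors; if they do, the question is why the outbound reply found no dynamic state, rather than which static rule it missed.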