Or should I continue to block DNS traffic that is not destined for my ISP's designated DNS servers?ģ. Should I allow all the DNS traffic out of my lan no matter where it is heading?Ģ. But a doxen other destinations I do not recognize at all.ġ. The other is to an old DNS server used by my ISP years ago. One is to the former address of my internal DNS server (I renumbered everything about six months ago). However, when I check the denied traffic log, there is a lot of blocked UDP traffic from my lan to port 53 at a variety of unknown IPs. No wan side rule was needed for DNS to seem to work normally. On the lan side I have rules allowing UDP traffic out on ports -5000 to port 53 on my ISP DNS servers. Unlike IOS, M0n0wall rules only apply to traffic entering an interface. I used ACLs to:Īllow UDP in on ports GT 1023 from my ISP's specific DNS servers. Until recently I used the firewall feature of Cisco IOS to protect my lan.
0 Comments
Leave a Reply. |