13 Jun 2003, 21:13
On Fri, 2003-06-13 at 23:08, Christopher Mahmood wrote:
* Carlos E. R. (robin1.listas@tiscali.es) [030613 13:54]:
Yes, I have:
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"
That should work then. It's OK to just open all of the high udp ports though.
Isn't the interesting bit here that the log message is ILLEGAL-TARGET? I mean, I would expect either ACCEPT or DROP-DEFAULT, but I don't think you should ever see ILLEGAL-TARGET unless there's something really wrong. I get illegal target on DNS reply packets from time to time when I restart the firewall. I'm not sure exactly what, but something gets messed up on a restart. I find that "rcnamed restart" makes it go away.