Re: [suse-security] SuSE firewall script + UDP ports
Hi Juergen,

"Jürgen Mell" wrote:
> Hi folks,
>
> I would like to set up a firewall using the firewals 1.4-6 packet on a 2.2.14 kernel. My problem is that I want to use nameserver services from the (insecure) internet and time server services. For the time servers, I have to have an open UDP port 1026 for incoming UDP connections. If I set FW_UDP_ALLOW_INCOMING_HIGHPPORTS = "dns 1026" I get error messages, which are caused by a special handling of the string 'dns' in the script. Up to now, the only solution I have found is to set that variable to 'yes', but that opens all my high UDP ports, and I would really prefer to have only those ports open which I really need. Is there a better solution available?

have a look at /etc/services: port 53 is named 'domain', not 'dns'. using domain instead of dns should do the job.

!! dns also makes use of tcp connections !!

see http://www.rustcorp.com/linux/ipchains/HOWTO-5.html (a very good howto)

regards
Jan Niemann
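A pre-flight check in the spirit of the reply above, as an added example that is not part of the thread or of the SuSE firewall script: it resolves each token of a port list against /etc/services-format data for one protocol, so a name like 'dns' is flagged before it reaches the firewall configuration. The function names and the embedded services excerpt are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt in /etc/services format: name port/proto [aliases] [# comment]
SERVICES_SAMPLE='
# constructed sample, not a full /etc/services
domain          53/tcp
domain          53/udp
ntp             123/udp
http            80/tcp          www     # alias exists for tcp only
'

# resolve_port TOKEN PROTO: print the port number for TOKEN, or fail.
# Numeric tokens are range-checked; names and aliases are matched for the
# given protocol only, because an entry may exist for tcp but not for udp.
resolve_port() {
    token=$1; proto=$2
    case $token in
        ''|*[!0-9]*) ;;   # not purely numeric: continue with the name lookup
        *) [ "$token" -ge 1 ] && [ "$token" -le 65535 ] && { echo "$token"; return 0; }
           return 1 ;;
    esac
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v name="$token" -v proto="$proto" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # skip blank or malformed lines
        {
            split($2, pp, "/")
            if (pp[2] != proto) next
            hit = ($1 == name)
            for (i = 3; i <= NF && !hit; i++) if ($i == name) hit = 1
            if (hit) { print pp[1]; found = 1; exit }
        }
        END { exit !found }'
}

# check_portlist "LIST" PROTO: report every token, fail if any is unresolved.
check_portlist() {
    rc=0
    for t in $1; do
        if port=$(resolve_port "$t" "$2"); then
            echo "ok   $t -> $port/$2"
        else
            echo "FAIL $t: no $2 service entry"
            rc=1
        fi
    done
    return $rc
}

check_portlist "dns 1026" udp || true    # 'dns' is not a service name
check_portlist "domain 1026" udp         # both tokens resolve
```

To check against the system's own database, replace the `printf` of the sample with `cat /etc/services`.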