On 03.06.13 at 14:08, Christopher Mahmood wrote:
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"
That should work then. It's OK to just open all of the high udp ports though.
Probably... but I like the school of thought that says "close everything, and open something when you get to hear the complaints" ;-)
(although 1024 might not be really a high port :-? )
It is, the inequality in "ports below than 1024" is strict.
Yeah, I know: but it would not be the first time that a programmer gets it wrong there - as I can testify, being a programmer myself (or was). ;-)
It seems like it's doing the right thing. Maybe you have the nameserver bound to 127.0.0.1?
Well, of course:

Jun 15 11:11:00 nimrodel /usr/sbin/named[1618]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 15 11:11:00 nimrodel /usr/sbin/named[1618]: listening on IPv4 interface eth0, 192.168.100.2#53

--
Cheers,
Carlos Robinson