Topic: Block DNS port 53 UDP from WAN PCI compliance issue
« on: February 26, 2014, 16:59:14 »
hugeoso *
Posts: 2

Need help blocking or rejecting traffic on DNS port 53 from WAN.

Below are my firewall rules on the WAN side.  TCP seems to be blocked, but UDP is still open for some reason. The DNS forwarder is enabled. Dynamic DNS is enabled.  Thanks ahead.

 *    RFC 1918 networks  * * *
 
 TCP  *  *  *  53 (DNS)  DNS block   
 
 UDP  *  *  *  53 (DNS)  DNS block UDP   
« Reply #1 on: February 27, 2014, 02:42:46 »
Lee Sharp *****
Posts: 517

By default, everything is rejected from LAN unless you allow it.  Also, by default, everything is allowed from LAN.  If you want to block LAN outbound traffic, it has to be placed BEFORE the default allow rule.
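
Added example, not part of the original thread: a simplified model of the rule-ordering point in the reply above, assuming rules on an interface are evaluated top-down with the first match winning. The Rule fields, helper names and sample rule sets are constructed for illustration and are not the firewall's own code.

```python
# Simplified first-match model of an ordered per-interface rule list.
# Rule fields and the sample rule sets below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str    # "pass" or "block"
    proto: str     # "tcp", "udp" or "*"
    dport: object  # destination port as int, or "*"
    descr: str


def covers(a, b):
    """True if field value a matches everything that field value b matches."""
    return a == "*" or a == b


def evaluate(rules, proto, dport):
    """Return (action, descr) of the first matching rule, else the implicit block."""
    for r in rules:
        if r.proto in ("*", proto) and r.dport in ("*", dport):
            return r.action, r.descr
    return "block", "implicit default deny"


def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if covers(e.proto, r.proto) and covers(e.dport, r.dport):
                out.append((r.descr, e.descr))
                break
    return out


ALLOW_ALL = Rule("pass", "*", "*", "Default LAN -> any")
BLOCK_TCP = Rule("block", "tcp", 53, "DNS block")
BLOCK_UDP = Rule("block", "udp", 53, "DNS block UDP")

wrong_order = [ALLOW_ALL, BLOCK_TCP, BLOCK_UDP]  # block rules after allow-all
right_order = [BLOCK_TCP, BLOCK_UDP, ALLOW_ALL]  # block rules before allow-all

if __name__ == "__main__":
    for name, rs in (("wrong", wrong_order), ("right", right_order)):
        print(name, evaluate(rs, "udp", 53), shadowed(rs))
```

Running shadowed() over an exported rule list is a quick way to spot block rules that sit below a broader pass rule and therefore never take effect.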
 