Topic: Block DNS port 53 UDP from WAN PCI compliance issue
Block DNS port 53 UDP from WAN PCI compliance issue
« on: February 26, 2014, 16:59:14 »
hugeoso
Posts: 2
Need help blocking or rejecting traffic on DNS port 53 from WAN.
Below is my firewall rule on the WAN side. TCP seems to be blocked, but UDP is still open for some reason. The DNS forwarder is enabled. Dynamic DNS is enabled. Thanks ahead.
* RFC 1918 networks * * *
TCP * * * 53 (DNS) DNS block
UDP * * * 53 (DNS) DNS block UDP
Re: Block DNS port 53 UDP from WAN PCI compliance issue
« Reply #1 on: February 27, 2014, 02:42:46 »
Lee Sharp
Posts: 517
By default, everything is rejected from LAN unless you allow it. Also, by default, everything is allowed from LAN. If you want to block LAN outbound traffic, it has to be placed BEFORE the default allow rule.
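The ordering point in the reply above, as an added example that is not part of the original thread or m0n0wall's own code: a small first-match rule evaluator, assuming rules are checked top to bottom with an implicit deny when nothing matches. The rule actions, the 192.168.1.0/24 LAN subnet and the 203.0.113.7 source address are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    action: str        # "pass" or "block"
    proto: str = "*"   # "tcp", "udp" or "*"
    src: str = "*"     # "*", "rfc1918" or a CIDR string
    dport: str = "*"   # "*" or a destination port as text
    desc: str = ""

    def matches(self, proto, src_ip, dport):
        """True when protocol, destination port and source all match this rule."""
        if self.proto != "*" and self.proto != proto:
            return False
        if self.dport != "*" and int(self.dport) != dport:
            return False
        if self.src == "*":
            return True
        nets = RFC1918 if self.src == "rfc1918" else [ip_network(self.src)]
        return any(ip_address(src_ip) in n for n in nets)

def evaluate(rules, proto, src_ip, dport):
    """Return (action, description) of the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(proto, src_ip, dport):
            return rule.action, rule.desc
    return "block", "implicit default deny"

# WAN rules in the order posted (actions assumed to be "block")
WAN_RULES = [
    Rule("block", src="rfc1918", desc="RFC 1918 networks"),
    Rule("block", proto="tcp", dport="53", desc="DNS block"),
    Rule("block", proto="udp", dport="53", desc="DNS block UDP"),
]

# LAN: a block rule placed after the default allow rule is never reached
LAN_DEFAULT = Rule("pass", src="192.168.1.0/24", desc="default LAN -> any")
LAN_DNS_BLOCK = Rule("block", proto="udp", dport="53", desc="block outbound DNS")
LAN_WRONG_ORDER = [LAN_DEFAULT, LAN_DNS_BLOCK]
LAN_RIGHT_ORDER = [LAN_DNS_BLOCK, LAN_DEFAULT]

if __name__ == "__main__":
    for name, rules in (("wrong order", LAN_WRONG_ORDER), ("right order", LAN_RIGHT_ORDER)):
        print(name, evaluate(rules, "udp", "192.168.1.50", 53))
```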