[OT?] Firewall problems

Bill Tangren bjt at aa.usno.navy.mil
Thu Dec 15 16:15:04 UTC 2005


If this is off topic, I apologize up front. I don't know who else to direct the 
question to. If someone out there knows who best to ask, please let me know.


I run a web server, behind a firewall that I don't control. The problem is, our 
firewall does a reverse DNS lookup on incoming traffic, and it rejects all 
traffic that fails that test. Some fail because they have no reverse lookup at 
all, and some because it is not the same as what is in the packets that are being 
received.

I suspect that not many fail, but I work for the U.S. DoD, and some people think 
they are being kept from our web server for sinister reasons. After all, most 
web surfers don't control their DNS entries, nor do they understand what DNS is 
or how it affects them.

Our firewall administrator says he does the reverse lookups to prevent/minimize 
spoofing.

My question is, what is SOP for firewall reverse lookups?

Thanks,

Bill
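
The two failure classes described in the message above (no reverse record at all, and a reverse record that does not match), as an added example that is not part of the original post. It assumes the firewall's "not the same" test is a forward-confirmed reverse DNS check, which the post does not specify; the lookup tables are constructed sample data and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data standing in for DNS (documentation address ranges).
PTR = {  # reverse zone: client IP -> PTR hostnames
    "192.0.2.10": ["host10.example.net."],
    "198.51.100.7": ["dsl-7.example.org."],
    "203.0.113.5": ["Mail.Example.com"],
}
FWD = {  # forward zone: hostname -> addresses
    "host10.example.net": ["192.0.2.10", "2001:db8::10"],
    "dsl-7.example.org": ["198.51.100.99"],  # stale record, points elsewhere
    # mail.example.com deliberately has no forward record
}

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def lookup_ptr(ip):
    # Against live DNS this would wrap socket.gethostbyaddr().
    return PTR.get(ip, [])

def lookup_addrs(name):
    # Against live DNS this would wrap socket.getaddrinfo().
    return FWD.get(_norm(name), [])

def classify(ip, ptr=lookup_ptr, fwd=lookup_addrs):
    """Return (verdict, detail); verdict is 'pass', 'no-ptr' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    names = ptr(str(addr))
    if not names:
        return "no-ptr", None            # no reverse lookup at all
    for name in names:
        for a in fwd(name):
            # Compare parsed addresses so textual variants still match.
            if ipaddress.ip_address(a) == addr:
                return "pass", _norm(name)
    # A PTR exists, but no name it gives resolves back to the client address.
    return "mismatch", [_norm(n) for n in names]

def summarize(ips):
    """Count verdicts over a list of client addresses."""
    counts = {"pass": 0, "no-ptr": 0, "mismatch": 0}
    for ip in ips:
        counts[classify(ip)[0]] += 1
    return counts
```

Running `summarize` over a sample of client addresses gives a count of how many visitors fall into each rejected class.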



