Hi,
After spending a day configuring the BETA firewall, I did some scans. I've already noticed that sites like grc.com show much more with this BETA version than they do with version 4. So I did some scans with Nessus... Below is the result of this scan. It seems that it's possible to bypass the firewall with a UDP packet on src port 53. I did configure DNS proxy but it listens ONLY on the internal network and the forwarding servers are also on my internal network. I did this scan from the internet and there is NO rule that allows 53 UDP from the internet.
Nessus report (part of it)
general/udp
High
It is possible to by-pass the rules of the remote firewall
by sending UDP packets with a source port equal to 53.
An attacker may use this flaw to inject UDP packets to the remote
hosts, in spite of the presence of a firewall.
Solution : Review your firewall rules policy
Risk Factor : High
BID : 7436
Regards,
Ezteok
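
One way to check a packet capture from the external interface for the behaviour Nessus reports above: treat an inbound UDP packet with source port 53 as legitimate only if it answers an outbound DNS query seen shortly before, which is what a stateful filter should enforce. This is an added example, not part of the original post or of the firewall product; the record format, the 30-second reply window and the sample packets are constructed assumptions.

```python
from collections import namedtuple

# Hypothetical record format for packets seen on the external interface.
Pkt = namedtuple("Pkt", "ts direction proto src sport dst dport")

REPLY_WINDOW = 30.0  # seconds an outbound query stays "open" (assumed value)


def unsolicited_port53(packets, window=REPLY_WINDOW):
    """Return inbound UDP packets with source port 53 that do not answer
    an outbound query recorded earlier in the same capture."""
    open_queries = {}  # (inside_ip, inside_port, resolver_ip) -> time sent
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.proto != "udp":
            continue
        if p.direction == "out" and p.dport == 53:
            open_queries[(p.src, p.sport, p.dst)] = p.ts
        elif p.direction == "in" and p.sport == 53:
            sent = open_queries.get((p.dst, p.dport, p.src))
            # No matching query, or the reply window has expired.
            if sent is None or p.ts - sent > window:
                flagged.append(p)
    return flagged


# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [
    Pkt(0.00, "out", "udp", "192.0.2.10", 40001, "198.51.100.53", 53),
    Pkt(0.04, "in", "udp", "198.51.100.53", 53, "192.0.2.10", 40001),  # reply
    Pkt(5.00, "in", "udp", "203.0.113.7", 53, "192.0.2.10", 137),      # no query
    Pkt(6.00, "in", "udp", "198.51.100.53", 53, "192.0.2.10", 40002),  # wrong port
    Pkt(90.0, "in", "udp", "198.51.100.53", 53, "192.0.2.10", 40001),  # too late
    Pkt(7.00, "in", "udp", "203.0.113.7", 4444, "192.0.2.10", 137),    # not port 53
]

if __name__ == "__main__":
    for p in unsolicited_port53(SAMPLE):
        print(f"{p.ts:6.2f}s {p.src}:{p.sport} -> {p.dst}:{p.dport} unsolicited")
```

Any flagged packet that the firewall log shows as accepted rather than dropped points to source-port-based matching instead of state tracking.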