I heard a good tip recently where you can setup a packet filter rule that only allows UDP port 53 to connect to OpenDNS servers. A smart user could go into the network TCP/IP properties on their PC and bypass the DNS settings in ASG. The rule above would prevent their computer from connecting to any non-OpenDNS IP. I wanted to test this on my machine, so I looked at my firewall rules and didn't find anything that allowed port 53 in the first place, so it seemed to me I don't need a new rule. I assumed that in my configuration the ASG box is pointing to the DNS server, so a firewall rule doesn't apply here. I expected that when I changed the DNS setting in my computer, I would not be able to get to any websites. Well, I was able to surf the web just fine. My question is, why is Astaro allowing this to work? Maybe there is a default packet filter rule that was created when I installed (ver 7) that is allowing this port, but it's just not obvious by looking at the rules. Of all the rules I added, I never added any rule that did anything with this port.
--Scott
This thread was automatically locked due to age.
