I realize this is an old system, but we work with what our clients give us.
I am configuring a Sidewinder 7.0.0.07 as an alternate route for my client. It has an internet DNS server, which basically only lists itself and MX records; everything else is NATed by inbound port.
There are 2 internal DNS servers (NOT hosted on the Sidewinder) that have all the real DNS records; the Sidewinder has /etc/resolv.conf set to query those servers. There is a rule to allow any firewall interface (burb addresses and loopback addresses) to query the internal DNS servers.
However, we are constantly seeing "Policy Violation (Kernel): Source IP 127.6.0.1 Dest IP 127.6.0.1 source port 53 dest port 53 traffic denied by Deny ALL (last rule)".
Am I missing something? Why wouldn't the allow rule take precedence?
Thanks for any help you can provide.
These audit entries are a "bug" dating back at least to Sidewinder 5. Simply ignore them.