PF RULES! But mine doesn't ...
Giorgos Keramidas
keramida at ceid.upatras.gr
Tue May 10 03:50:55 PDT 2005
On 2005-05-10 05:09, Fafa Hafiz Krantz <fteg at london.com> wrote:
>> It's a question of letting DNS traffic _in_ to your nameserver:
>>
>> pass in on $ext_if inet proto { tcp, udp } \
>> from any to ($ext_if) port 53
>>
>> ^^^ that lets the traffic in....
>>
>> pass out on $ext_if inet proto { tcp, udp } \
>> from ($ext_if) port 53 to any
>>
>> ^^^ and that lets it back out.
>>
>> If you add the "query-source address * port 53;" to your named.conf
>> "options" section, that'll suffice; additionally, since your DNS
>> query source port is then predictable, you can drop it from the DNS
>> and NTP rule.
>
> Hello again, Jan!
>
> Well, I tried applying what you said now as well as last time you
> said it -- but the problem is still there. Unless I uncomment the default
> deny policy nothing seems to work. The problem must lie elsewhere in my
> ruleset:
Show us the output of:
# pfctl -sr
[snip ruleset]
More information about the freebsd-questions
mailing list