ipfw2 - too many dynamic rules

Chuck Swiger cswiger at mac.com
Tue Oct 18 16:31:15 PDT 2005


Stec John wrote:
> I need some help with ipfw2 on my squid box.
> 
> I have "too many dynamic rules" errors for DNS.
> Can I insert a DNS static rule into my rules (as below) and how?
[ ... ]

# allow DNS,NTP queries out in the world
add pass udp from any 1024-65535 to any 53,123
add pass udp from any 53,123 to any 1024-65535
add pass udp from any 53,123 to any 53,123
add pass tcp from me to any 53 setup keep-state

Note that you probably want to use the combination of "setup keep-state" 
elsewhere in your rules, too.

-- 
-Chuck
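
The rules in the reply above, run through first-match evaluation in an added Python example (not part of the original post and not ipfw code) to show which packets pass without creating a dynamic rule. The address standing in for `me`, the sample packets and all helper names are assumptions; only the rule syntax shown in the post is parsed, the dynamic rule table is not modelled, and `(None, False)` means the packet falls through to the part of the ruleset the post elides.

```python
import re

# The four rules from the post; the parser covers only this subset of ipfw syntax.
RULES = """\
add pass udp from any 1024-65535 to any 53,123
add pass udp from any 53,123 to any 1024-65535
add pass udp from any 53,123 to any 53,123
add pass tcp from me to any 53 setup keep-state"""
ME = "192.0.2.10"  # constructed address standing in for "me"
RULE_RE = re.compile(r"add pass (\w+) from (\S+)(?: ([\d,-]+))? to (\S+)(?: ([\d,-]+))?(.*)$")

def parse_ports(spec):
    """'53,123' or '1024-65535' -> inclusive (lo, hi) ranges; None (no ports given) = any."""
    parts = (p.partition("-") for p in (spec or "").split(",") if p)
    return [(int(lo), int(hi or lo)) for lo, _, hi in parts] or None

def parse_rule(line):
    proto, src, sports, dst, dports, opts = RULE_RE.match(line).groups()
    return dict(proto=proto, src=src, dst=dst, sports=parse_ports(sports),
                dports=parse_ports(dports), opts=opts.split())

def addr_ok(spec, addr):
    return spec == "any" or (spec == "me" and addr == ME)
def port_ok(ranges, port):
    return ranges is None or any(lo <= port <= hi for lo, hi in ranges)

def first_match(pkt, rules):
    """(rule number, creates dynamic rule) of the first match; (None, False) = falls through."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] == pkt["proto"]
                and addr_ok(r["src"], pkt["src"]) and addr_ok(r["dst"], pkt["dst"])
                and port_ok(r["sports"], pkt["sport"]) and port_ok(r["dports"], pkt["dport"])
                and ("setup" not in r["opts"] or pkt.get("flags") == "S")):
            return n, "keep-state" in r["opts"]
    return None, False

PACKETS = {  # constructed sample packets (documentation address ranges)
    "udp dns query out": dict(proto="udp", src=ME, sport=40000, dst="198.51.100.53", dport=53),
    "udp dns reply in": dict(proto="udp", src="198.51.100.53", sport=53, dst=ME, dport=40000),
    "udp unsolicited from port 53": dict(proto="udp", src="203.0.113.7", sport=53, dst=ME, dport=30000),
    "tcp dns syn out": dict(proto="tcp", src=ME, sport=40001, dst="198.51.100.53", dport=53, flags="S"),
}

def evaluate():
    rules = [parse_rule(line) for line in RULES.splitlines()]
    return {name: first_match(pkt, rules) for name, pkt in PACKETS.items()}
if __name__ == "__main__":
    for name, (rule, dynamic) in evaluate().items():
        print(f"{name}: rule {rule}, dynamic rule created: {dynamic}")
```

The UDP query and its reply pass on rules 1 and 2 with no dynamic rule, which is what relieves the dynamic rule table. The third packet is the cost of that: any UDP datagram with source port 53 or 123 reaches the high ports whether or not a query was sent.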



More information about the freebsd-questions mailing list