ipfw2 - too many dynamic rules

Stec John stecjohn2005 at mail.ws
Tue Oct 18 18:14:21 PDT 2005


Hi Chuck, are you suggesting that I add these DNS rules on top of the existing
rules?
Can I use "allow" instead of "pass"?

----- Original Message -----
From: "Chuck Swiger" <cswiger at mac.com>
To: "Stec John" <stecjohn2005 at mail.ws>
Cc: <freebsd-questions at freebsd.org>
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules


> Stec John wrote:
> > I need some help with ipfw2 on my squid box
> >
> > I have too many dynamic rules errors for dns
> > Can I insert a dns static rule into my rules (as below) and how?
> [ ... ]
>
> # allow DNS,NTP queries out in the world
> add pass udp from any 1024-65535 to any 53,123
> add pass udp from any 53,123 to any 1024-65535
> add pass udp from any 53,123 to any 53,123
> add pass tcp from me to any 53 setup keep-state
>
> Note that you probably want to use the combination of "setup keep-state"
> elsewhere in your rules, too.
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>




