Handbook - Section IPFW
Chuck Swiger
cswiger at mac.com
Mon Dec 8 21:08:36 UTC 2008
On Dec 8, 2008, at 12:17 PM, Fernando Tonus wrote:
> I found an error in the last script called "Example Ruleset #2".
> The error is in the rule number 020.
>
> Wrong:
> $cmd 020 $skip *tcp* from any to x.x.x.x 53 out via $pif setup keep-state
>
> Right:
> $cmd 020 $skip *udp* from any to x.x.x.x 53 out via $pif setup keep-state

Actually, you want to allow *both* udp/53 and tcp/53 out if you want
to properly pass DNS requests through:

$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 020 $skip udp from any to x.x.x.x 53 out via $pif keep-state

Regards,
--
-Chuck
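
A small lint for the point made in this thread, added here as an example (it is not part of the original message or of the Handbook): it checks that every DNS server destination has both a tcp/53 and a udp/53 rule, and flags `setup` on a udp rule, since ipfw's `setup` only matches TCP SYN packets. The function name `lint_dns_rules`, the regex, and the rule 021 line to `y.y.y.y` are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the two rules from the reply, plus a made-up rule 021
# to a second masked resolver (y.y.y.y) that combines udp with 'setup'.
SAMPLE_RULES = """\
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 020 $skip udp from any to x.x.x.x 53 out via $pif keep-state
$cmd 021 $skip udp from any to y.y.y.y 53 out via $pif setup keep-state
"""

# Matches only the "$cmd NNN $skip proto from SRC to DST PORT opts" shape above.
RULE = re.compile(
    r"^\$cmd\s+(?P<num>\d+)\s+\S+\s+(?P<proto>\S+)\s+from\s+\S+"
    r"\s+to\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<opts>.*)$")


def lint_dns_rules(text):
    """Return findings for port-53 rules: dead udp rules and missing protocols."""
    findings = []
    usable = defaultdict(set)  # destination -> protocols that can actually match
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["port"] != "53":
            continue
        proto = m["proto"].strip("*").lower()  # tolerate *tcp* emphasis markers
        seen = usable[m["dst"]]
        # ipfw's 'setup' matches TCP SYN without ACK, so it never matches UDP.
        if proto == "udp" and "setup" in m["opts"].split():
            findings.append(f"rule {m['num']}: 'setup' on a udp rule never matches")
            continue
        seen.add(proto)
    # DNS clients query over UDP first and retry over TCP when a reply is truncated.
    for dst, seen in sorted(usable.items()):
        for missing in sorted({"tcp", "udp"} - seen):
            findings.append(f"{dst}: no usable {missing}/53 rule")
    return findings


if __name__ == "__main__":
    for finding in lint_dns_rules(SAMPLE_RULES):
        print(finding)
```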