ipfw keep-state (ASAP anwser need)

[Simon Gray]

> The folowing is a fragment of my rc.firewall which must
> allow all
> traffic in and out of my named.
>
> ----
> ipfw add 4100 allow udp from me to any 53 keep-state
> ipfw add 4200 allow udp from any to me 53
> ipfw add 4300 allow udp from me 53 to any
> ---
> It doesn't work. What am I missing?


AFAIK dns also requires tcp 53


Quick look in google found:

# Allow access to our DNS 
${fwcmd} add pass tcp from any to ${ip} 53 setup 
${fwcmd} add pass udp from any to ${ip} 53 
${fwcmd} add pass udp from ${ip} 53 to any


HTH

Simon