This should be rejected as "keep frags" is meaningless here. pass out log quick on bge0 proto udp from xxx.xxx.xxx.113/32 to any port = 53 keep state keep frags You need pass in quick from any to any with frag keep frag -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org