IPFILTER Rules
Randy Babb
randy at insipidity.co.uk
Wed Jun 2 14:54:22 PDT 2004
On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote:
> The delay seems suspiciously like a DNS timeout. Since you haven't
> mentioned any rules to explicitly allow DNS traffic below, I assume you
> don't have any. Just add the following rules before your groups:
>
> pass out quick proto udp from any to any keep state
> block return-icmp-as-dest(port-unr) in log proto udp from any to any
Thanks, that fixed it. I also had another problem which stopped a lot of
outgoing traffic working which seems to have been fixed by adding keep
state to "pass out on rl0 all head 100".
Thanks,
Randy
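
What `keep state` changes for the traffic discussed in this thread, shown with a simplified Python model of a stateful filter (an added example, not code from the post and not how IPFilter is implemented). The addresses, ports and the `ToyFilter` and `dns_exchange` names are constructed for illustration, and the model assumes inbound traffic is blocked unless it matches saved state.

```python
from collections import namedtuple

# Simplified model of stateful filtering; not IPFilter's real implementation.
Packet = namedtuple("Packet", "direction proto src sport dst dport")


class ToyFilter:
    """Outbound packets pass; inbound packets pass only if they match saved state."""

    def __init__(self, keep_state):
        self.keep_state = keep_state
        self.states = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if self.keep_state:
                # Remember the flow so the reply can be recognised later.
                self.states.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "pass"
        # A reply carries the same tuple with source and destination swapped.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return "pass"
        return "block"


# Constructed sample addresses (documentation ranges) and ports.
CLIENT, RESOLVER, STRANGER = "192.0.2.10", "198.51.100.53", "203.0.113.7"


def dns_exchange(keep_state):
    """Return verdicts for (query out, reply in, unsolicited UDP in)."""
    fw = ToyFilter(keep_state)
    query = Packet("out", "udp", CLIENT, 40000, RESOLVER, 53)
    reply = Packet("in", "udp", RESOLVER, 53, CLIENT, 40000)
    stray = Packet("in", "udp", STRANGER, 53, CLIENT, 40000)
    return tuple(fw.check(p) for p in (query, reply, stray))


if __name__ == "__main__":
    print("without keep state:", dns_exchange(False))
    print("with keep state:   ", dns_exchange(True))
```

Without state the DNS reply is dropped and the resolver lookup has to time out; with state the reply is matched to the outgoing query while unsolicited inbound UDP is still blocked.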