From owner-freebsd-questions  Wed Mar 20  8:47: 4 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from glow.binity.net (glow.binity.net [213.84.201.224])
	by hub.freebsd.org (Postfix) with ESMTP id 3EB4B37B419
	for <freebsd-questions@FreeBSD.ORG>; Wed, 20 Mar 2002 08:47:02 -0800 (PST)
Received: from vscan (glow.dt1.binity.net [172.23.18.1])
	by glow.binity.net (Postfix) with ESMTP
	id E6E7255B5; Wed, 20 Mar 2002 17:47:00 +0100 (CET)
Received: from there (silver.dt1.binity.net [172.23.3.20])
	by glow.binity.net (Postfix) with SMTP
	id 2410154CF; Wed, 20 Mar 2002 17:46:59 +0100 (CET)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Walter Hop <walter@binity.com>
Message-Id: <200203201744.15491@silver.dt1.binity.net>
To: Flemming =?iso-8859-1?q?Fr=F8kjk=E6r?= <flemming@froekjaer.org>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw rules
Date: Wed, 20 Mar 2002 17:46:49 +0100
X-Mailer: KMail [version 1.3.2]
References: <3C992774.D763B085@froekjaer.org>
In-Reply-To: <3C992774.D763B085@froekjaer.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by glow.binity.net (amavis-perl-11-sky2)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

[in reply to Flemming Frøkjkær, Thursday 21 March 2002 01:21]

> I can add a rule like this: ipfw add 9999 pass all from any to any
> Then everything works, but the firewall does not do me any good :(
> what rules should I add to make DNS work?

I have the following rules for DNS:

ipfw add 03300 allow udp from me to 194.109.6.66 53 keep-state via tun0
ipfw add 03301 allow udp from me to 194.109.9.99 53 keep-state via tun0

The IP addresses mentioned are the DNS servers of my provider which I 
query, tun0 is the network device used to reach them. If you want to 
allow traffic to all DNS servers on the internet you can use one rule 
with "...to any 53 keep-state" instead.

-- 
 Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message