From owner-freebsd-questions@FreeBSD.ORG  Tue Oct 18 21:16:12 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9AA5D16A41F
	for <freebsd-questions@freebsd.org>;
	Tue, 18 Oct 2005 21:16:12 +0000 (GMT)
	(envelope-from stecjohn2005@mail.ws)
Received: from mail.ws (laumei.mail.ws [202.4.48.220])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 153D943D45
	for <freebsd-questions@freebsd.org>;
	Tue, 18 Oct 2005 21:16:07 +0000 (GMT)
	(envelope-from stecjohn2005@mail.ws)
Received: from tuloaanisekoi ([202.4.48.245])
	by mail.ws (mail.ws [202.4.48.220]) (MDaemon.PRO.v7.1.0.R)
	with ESMTP id md50001407600.msg
	for <freebsd-questions@freebsd.org>; Tue, 18 Oct 2005 10:22:26 -1100
Message-ID: <00ca01c5d428$ec7b6fa0$df010a0a@csl.ws>
From: "Stec John" <stecjohn2005@mail.ws>
To: <freebsd-questions@freebsd.org>
Date: Tue, 18 Oct 2005 10:14:24 -1100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Processed: mail.ws, Tue, 18 Oct 2005 10:22:26 -1100
	(not processed: message from valid local sender)
X-MDRemoteIP: 202.4.48.245
X-Return-Path: stecjohn2005@mail.ws
X-MDaemon-Deliver-To: freebsd-questions@freebsd.org
X-MDAV-Processed: mail.ws, Tue, 18 Oct 2005 10:22:27 -1100
Subject: ipfw2 - too many dynamic rules
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2005 21:16:12 -0000

I need some help with ipfw2 on my squid box 

I have too many dynamic rules errors for dns
Can I insert a dns static rule into my rules (as below) and how?

allow ip from any to any via lo0
allow ip from any to any via lo1
deny ip from any to 127.0.0.0/8
deny ip from 127.0.0.0/8 to any
check-state
allow ip from me to any keep-state
divert 8668 tcp from 202.4.48.0/22 to any dst-port 80
fwd 127.0.0.1,3128 tcp from 202.4.48.0/22 to any dst-port 80
allow ip from any to any
deny ip from any to any