Date: Wed, 02 Jun 2004 22:54:22 +0000
From: Randy Babb <randy@insipidity.co.uk>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: IPFILTER Rules
Message-ID: <1086216862.23474.19.camel@localhost>
In-Reply-To: <20040602203950.GB4054@gothmog.gr>
References: <1086188875.5101.29.camel@localhost> <20040602203950.GB4054@gothmog.gr>

On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote:
> The delay seems suspiciously like a DNS timeout.  Since you haven't
> mentioned any rules to explicitly allow DNS traffic below, I assume you
> don't have any.  Just add the following rules before your groups:
>
>     pass out quick proto udp from any to any keep state
>     block return-icmp-as-dest(port-unr) in log proto udp from any to any

Thanks, that fixed it. I also had another problem which stopped a lot of
outgoing traffic working which seems to have been fixed by adding keep
state to "pass out on rl0 all head 100".

Thanks,
Randy