From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  2 14:54:22 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B062816A4CE
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Jun 2004 14:54:22 -0700 (PDT)
Received: from sv19.dfserver19.com (sv19.dfserver19.com [207.44.192.91])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 847A743D39
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Jun 2004 14:54:22 -0700 (PDT)
	(envelope-from randy@insipidity.co.uk)
Received: from host81-152-250-124.range81-152.btcentralplus.com
	([81.152.250.124] helo=[192.168.1.40])
	by sv19.dfserver19.com with asmtp (Exim 4.20)
	id 1BVdgl-0000y9-FR; Wed, 02 Jun 2004 22:54:01 +0100
From: Randy Babb <randy@insipidity.co.uk>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
In-Reply-To: <20040602203950.GB4054@gothmog.gr>
References: <1086188875.5101.29.camel@localhost>
	<20040602203950.GB4054@gothmog.gr>
Content-Type: text/plain
Message-Id: <1086216862.23474.19.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Wed, 02 Jun 2004 22:54:22 +0000
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any
	abuse report
X-AntiAbuse: Primary Hostname - sv19.dfserver19.com
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - insipidity.co.uk
cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: IPFILTER Rules
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2004 21:54:22 -0000

On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote:
> The delay seems suspiciously like a DNS timeout.  Since you haven't
> mentioned any rules to explicitly allow DNS traffic below, I assume
> you
> don't have any.  Just add the following rules before your groups:
> 
>     pass out quick proto udp from any to any keep state
>     block return-icmp-as-dest(port-unr) in log proto udp from any to
> any

Thanks, that fixed it. I also had another problem which stopped a lot of
outgoing traffic working which seems to have been fixed by adding keep
state to "pass out on rl0 all head 100".


Thanks,
Randy