Date: Tue, 18 Oct 2005 14:12:54 -1100
From: "Stec John" <stecjohn2005@mail.ws>
To: "Chuck Swiger" <cswiger@mac.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw2 - too many dynamic rules
Message-ID: <013701c5d44a$3c4943b0$df010a0a@csl.ws>
References: <00ca01c5d428$ec7b6fa0$df010a0a@csl.ws> <435585C2.6040006@mac.com>

Hi Chuck,

are you suggesting to add these dns rules on top of the existing rules?
Can I use "allow" instead of "pass"?

----- Original Message -----
From: "Chuck Swiger" <cswiger@mac.com>
To: "Stec John" <stecjohn2005@mail.ws>
Cc: <freebsd-questions@freebsd.org>
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules

> Stec John wrote:
> > I need some help with ipfw2 on my squid box
> >
> > I have too many dynamic rules errors for dns
> > Can I insert a dns static rule into my rules (as below) and how?
> [ ... ]
>
> # allow DNS,NTP queries out in the world
> add pass udp from any 1024-65535 to any 53,123
> add pass udp from any 53,123 to any 1024-65535
> add pass udp from any 53,123 to any 53,123
> add pass tcp from me to any 53 setup keep-state
>
> Note that you probably want to use the combination of "setup keep-state"
> elsewhere in your rules, too.
>
> --
> -Chuck