From owner-freebsd-questions@FreeBSD.ORG Wed Oct 19 01:14:21 2005
Message-ID: <013701c5d44a$3c4943b0$df010a0a@csl.ws>
From: "Stec John"
To: "Chuck Swiger"
Cc: freebsd-questions@freebsd.org
References: <00ca01c5d428$ec7b6fa0$df010a0a@csl.ws> <435585C2.6040006@mac.com>
Date: Tue, 18 Oct 2005 14:12:54 -1100
Subject: Re: ipfw2 - too many dynamic rules

Hi Chuck, are you suggesting to add these DNS rules on top of the existing rules?
Can I use "allow" instead of "pass"?

----- Original Message -----
From: "Chuck Swiger"
To: "Stec John"
Cc:
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules

> Stec John wrote:
> > I need some help with ipfw2 on my squid box
> >
> > I have too many dynamic rules errors for dns
> > Can I insert a dns static rule into my rules (as below) and how?
> [ ... ]
>
> # allow DNS,NTP queries out in the world
> add pass udp from any 1024-65535 to any 53,123
> add pass udp from any 53,123 to any 1024-65535
> add pass udp from any 53,123 to any 53,123
> add pass tcp from me to any 53 setup keep-state
>
> Note that you probably want to use the combination of "setup keep-state"
> elsewhere in your rules, too.
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
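
An added example, not part of the original messages: a small Python model of the four quoted rules, showing that the three static UDP rules match on protocol and ports alone and never install a dynamic rule, while only the TCP `setup keep-state` rule does. Addresses (`any`, `me`) are not modelled, and every packet below is constructed.

```python
# Added example: stateless model of the four quoted ipfw rules.
# Only protocol, ports and the TCP "setup" condition are modelled;
# the addresses ("any", "me") are ignored. All packets are constructed.
from collections import namedtuple

# setup=True stands for a TCP segment with SYN set and ACK clear.
Packet = namedtuple("Packet", "proto sport dport setup")

HIGH = range(1024, 65536)
SVC = (53, 123)

# (rule text, match predicate, installs a dynamic rule?)
RULES = [
    ("pass udp from any 1024-65535 to any 53,123",
     lambda p: p.proto == "udp" and p.sport in HIGH and p.dport in SVC, False),
    ("pass udp from any 53,123 to any 1024-65535",
     lambda p: p.proto == "udp" and p.sport in SVC and p.dport in HIGH, False),
    ("pass udp from any 53,123 to any 53,123",
     lambda p: p.proto == "udp" and p.sport in SVC and p.dport in SVC, False),
    ("pass tcp from me to any 53 setup keep-state",
     lambda p: p.proto == "tcp" and p.dport == 53 and p.setup, True),
]

def evaluate(pkt):
    """Return (rule text, installs_state) for the first match, else None."""
    for text, match, dynamic in RULES:
        if match(pkt):
            return text, dynamic
    return None

def dynamic_entries(packets):
    """Count the packets whose matching rule installs a dynamic rule."""
    hits = (evaluate(p) for p in packets)
    return sum(1 for h in hits if h is not None and h[1])

# 1000 outbound DNS queries from distinct source ports, 3 TCP connections.
UDP_QUERIES = [Packet("udp", 1024 + i, 53, False) for i in range(1000)]
TCP_SETUPS = [Packet("tcp", 50000 + i, 53, True) for i in range(3)]
# A UDP packet from port 53 to a high port: the static rule matches it on
# ports alone, so it cannot tell a reply from a packet nobody asked for.
FROM_PORT_53 = Packet("udp", 53, 40000, False)

if __name__ == "__main__":
    print("dynamic rules from UDP queries:", dynamic_entries(UDP_QUERIES))
    print("dynamic rules from TCP setups: ", dynamic_entries(TCP_SETUPS))
    print("from port 53 matched by:", evaluate(FROM_PORT_53))
    print("udp to port 8080:", evaluate(Packet("udp", 40000, 8080, False)))
```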