From owner-freebsd-questions  Tue Jul 17 12:25:43 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by hub.freebsd.org (Postfix) with ESMTP id D155837B405
	for <freebsd-questions@FreeBSD.ORG>; Tue, 17 Jul 2001 12:25:33 -0700 (PDT)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by cactus.fi.uba.ar (8.11.3/8.9.3) with ESMTP id f6HJNOt01078;
	Tue, 17 Jul 2001 16:23:29 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Tue, 17 Jul 2001 16:23:24 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: how could this PACKET get through?!
In-Reply-To: <20010717142652.A1048@localhost>
Message-ID: <20010717160034.T96585-100000@cactus.fi.uba.ar>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

When you "keep state" on UDP packets, the firewall automagically punches
a hole to allow the reply.

For example:

pass out on tun0 proto udp from <local ip> to any port = 53 keep state

If you do a dns query to, say 10.1.1.53 the packets coming from 10.1.1.53
port 53 will pass through the firewall, but packets from another ip
won't.


			Fer

On Tue, 17 Jul 2001, User & Ian Patrick Thomas wrote:

> 	How do you keep state on UDP packets, when UDP is a stateless protocol?
>
> Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message