Date: Thu, 29 Jan 2004 12:20:45 -0000
From: "Simon Gray" <simong@desktop-guardian.com>
To: "'Bjoern A. Zeeb'" <bzeeb-lists@lists.zabbadoz.net>, "'Gregory Edigarov'" <greg@profi.kharkov.ua>
Cc: freebsd-ipfw@freebsd.org
Subject: RE: ipfw keep-state (ASAP anwser need)
Message-ID: <E1AmBAS-0007EF-5G@ptb-relay02.plus.net>
In-Reply-To: <Pine.BSF.4.53.0312091033560.40103@e0-0.zab2.int.zabbadoz.net>

> The following is a fragment of my rc.firewall which must allow all
> traffic in and out of my named.
>
> ----
> ipfw add 4100 allow udp from me to any 53 keep-state
> ipfw add 4200 allow udp from any to me 53
> ipfw add 4300 allow udp from me 53 to any
> ---
> It doesn't work. What am I missing?

AFAIK dns also requires tcp 53

Quick look in google found:

# Allow access to our DNS
${fwcmd} add pass tcp from any to ${ip} 53 setup
${fwcmd} add pass udp from any to ${ip} 53
${fwcmd} add pass udp from ${ip} 53 to any

HTH

Simon
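
The following is an added example, not part of the original message and not ipfw code: a simplified Python model of first-match evaluation for the three rules quoted in the question, showing which DNS packets they accept and that TCP to port 53 matches none of them. The addresses, port numbers and the names `Pkt`, `RULES` and `evaluate` are constructed for illustration; the model assumes the dynamic table is consulted at the first keep-state rule and ignores state expiry.

```python
from typing import NamedTuple

ME = "192.0.2.53"  # constructed address standing in for "me"


class Pkt(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# (number, proto, src, sport, dst, dport, keep_state); None means "any"
RULES = [
    (4100, "udp", ME, None, None, 53, True),    # udp from me to any 53 keep-state
    (4200, "udp", None, None, ME, 53, False),   # udp from any to me 53
    (4300, "udp", ME, 53, None, None, False),   # udp from me 53 to any
]


def _ok(want, got):
    return want is None or want == got


def evaluate(pkt, states):
    """Return the rule number that accepts pkt, or None if no rule here matches."""
    flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
    reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    for num, proto, src, sport, dst, dport, keep in RULES:
        if keep:
            # A keep-state rule first checks the dynamic table, in both directions.
            for key in (flow, reverse):
                if key in states:
                    return states[key]
        if (proto == pkt.proto and _ok(src, pkt.src) and _ok(sport, pkt.sport)
                and _ok(dst, pkt.dst) and _ok(dport, pkt.dport)):
            if keep:
                states[flow] = num  # install a dynamic rule for this flow
            return num
    return None  # packet falls through to later rules or the default rule


if __name__ == "__main__":
    st = {}
    print(evaluate(Pkt("udp", ME, 40000, "198.51.100.7", 53), st))    # query out
    print(evaluate(Pkt("udp", "198.51.100.7", 53, ME, 40000), st))    # reply in
    print(evaluate(Pkt("tcp", "203.0.113.9", 40001, ME, 53), st))     # TCP query
```
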