Date: Tue, 9 Dec 2003 11:32:54 +0200
From: Gregory Edigarov
To: freebsd-questions@freebsd.org
Message-ID: <20031209093254.GA366@profi.kharkov.ua>
Subject: ipfw keep-state (ASAP answer needed)

Hello,

The following is a fragment of my rc.firewall which must allow all traffic in and out of my named.

----
ipfw add 4100 allow udp from me to any 53 keep-state
ipfw add 4200 allow udp from any to me 53
ipfw add 4300 allow udp from me 53 to any
---

This is a fragment from my kernel configuration:

---
options IPFIREWALL                  #firewall
options IPFIREWALL_VERBOSE          #enable logging to syslogd(8)
options IPFIREWALL_FORWARD          #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPDIVERT                    #divert sockets
options IPSTEALTH
options ICMP_BANDLIM
options DUMMYNET
options BRIDGE
options IPFW2
---

It doesn't work. What am I missing?

--
With best regards,
Gregory Edigarov
------------------------------------------------------------------------------
profi.kharkov.ua Systems Administrator
------------------------------------------------------------------------------