From owner-freebsd-questions@FreeBSD.ORG  Mon Feb 27 14:57:55 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EDD0B16A420
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 14:57:55 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0FA1243D72
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 14:57:46 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from flame.pc (aris.bedc.ondsl.gr [62.103.39.226])
	(authenticated bits=128)
	by igloo.linux.gr (8.13.5/8.13.5/Debian-3) with ESMTP id k1REvYOo020627
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Mon, 27 Feb 2006 16:57:36 +0200
Received: from flame.pc (flame [127.0.0.1])
	by flame.pc (8.13.4/8.13.4) with ESMTP id k1REv48h038022;
	Mon, 27 Feb 2006 16:57:04 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
Received: (from keramida@localhost)
	by flame.pc (8.13.4/8.13.4/Submit) id k1REv4Rt038021;
	Mon, 27 Feb 2006 16:57:04 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
Date: Mon, 27 Feb 2006 16:57:04 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Roman Serbski <mefystofel@gmail.com>
Message-ID: <20060227145704.GA38009@flame.pc>
References: <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com>
	<4402232A.8010908@locolomo.org>
	<cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com>
	<20060227145011.GA37745@flame.pc>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060227145011.GA37745@flame.pc>
X-Hellug-MailScanner: Found to be clean
X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.377,
	required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.82,
	BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20)
X-Hellug-MailScanner-From: keramida@ceid.upatras.gr
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with IP Filter 4.1.8
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2006 14:57:56 -0000

On 2006-02-27 16:50, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
> It looks like the stateful rule didn't succeed in creating a state for
> the outgoing UDP packet:
>
>     pass out quick on lo0 from any to any
>     pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
> =>  pass out quick on xl0 proto udp from any to any port = domain keep state
>     block out log quick on xl0 all
>
> I'm not sure why this would happen though.

One reason why this could fail is that the xl0 interface is not part of
the route to your ISP's DNS servers.

How many interfaces does the system have?  Is xl0 in the path to your
ISP's router?