Date: Wed, 18 Feb 1998 09:43:26 +1100 (EST)
From: Anthony Hill <ahill@blacksun.net.au>
To: questions@FreeBSD.ORG
Cc: doug@connect.com.au
Subject: keep state keyword for ipfw
Message-ID: <Pine.BSF.3.95q.980217135733.3895A-100000@blacksun.net.au>

What's a good way of allowing DNS queries and zone transfer requests out (and the responses back) through an ipfw filter?

As I understand it, a query goes from UDP port 53 to some random high UDP port on the name server. The name server then responds with a UDP packet from port 53 destined for the same high UDP port on the machine.

Using these ipfilter rules :-

# Pass out domain requests to our servers
#
pass out quick proto udp from any to nameserver/32 port = domain
#
# Keep the state and log domain requests going to other servers
#
pass out log first quick proto udp from any to any port = domain keep state

..I believe the "keep state" bit gets a temporary rule put in place that will allow UDP back from port 53 to the same port that the request went out on.

.Sooo - does ipfw have functionality similar to ipfilter's keep state, and if not, how do you go about allowing the response back in?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
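
Added example (not part of the original message, and not ipfw or ipfilter code): a small Python model of the "keep state" behaviour the message describes, set beside a static rule that admits any UDP packet from source port 53 to a high port. The addresses, names and the 60-second idle timeout are assumptions made for illustration.

```python
# Toy model: stateful vs. static filtering of DNS-over-UDP replies (constructed).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
STATE_TTL = 60  # seconds; assumed idle timeout for a UDP state entry


class StatefulFilter:
    """Outbound queries to port 53 create state; inbound needs matching state."""
    def __init__(self):
        self.states = {}  # (local, lport, remote, rport) -> expiry time

    def outbound(self, pkt, now):
        if pkt.dport != 53:
            return False  # this model only passes DNS queries out
        self.states[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now + STATE_TTL
        return True

    def inbound(self, pkt, now):
        # A reply is the query with source and destination swapped.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        expiry = self.states.get(key)
        if expiry is None:
            return False
        if now > expiry:
            del self.states[key]  # entry has timed out
            return False
        self.states[key] = now + STATE_TTL  # matching traffic refreshes it
        return True


def stateless_inbound(pkt):
    """Static rule: allow udp from any port 53 to any port >= 1024."""
    return pkt.sport == 53 and pkt.dport >= 1024


def demo():
    fw = StatefulFilter()
    query = Packet("192.0.2.10", 40000, "198.51.100.53", 53)
    reply = Packet("198.51.100.53", 53, "192.0.2.10", 40000)
    # Constructed packet with source port 53 that answers no query we sent.
    stray = Packet("203.0.113.7", 53, "192.0.2.10", 2049)
    fw.outbound(query, now=0)
    return {
        "stateful_reply": fw.inbound(reply, now=1),
        "stateful_stray": fw.inbound(stray, now=1),
        "stateless_stray": stateless_inbound(stray),
        "stateful_late_reply": fw.inbound(reply, now=500),
    }
```

The static rule accepts the stray packet because it can only look at port numbers, while the state table accepts only the reply to a query that actually went out and stops accepting it once the entry expires.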