Date: Wed, 02 Jun 2004 22:54:22 +0000 From: Randy Babb <randy@insipidity.co.uk> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: IPFILTER Rules Message-ID: <1086216862.23474.19.camel@localhost> In-Reply-To: <20040602203950.GB4054@gothmog.gr> References: <1086188875.5101.29.camel@localhost> <20040602203950.GB4054@gothmog.gr>
index | next in thread | previous in thread | raw e-mail
On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote: > The delay seems suspiciously like a DNS timeout. Since you haven't > mentioned any rules to explicitly allow DNS traffic below, I assume > you > don't have any. Just add the following rules before your groups: > > pass out quick proto udp from any to any keep state > block return-icmp-as-dest(port-unr) in log proto udp from any to > any Thanks, that fixed it. I also had another problem which stopped a lot of outgoing traffic working which seems to have been fixed by adding keep state to "pass out on rl0 all head 100". Thanks, Randyhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1086216862.23474.19.camel>