Date: Wed, 7 May 2008 16:54:22 -0400
From: "Ansar Mohammed" <ansarm@gmail.com>
To: "'Jille'" <jille@quis.cx>
Cc: freebsd-pf@freebsd.org
Subject: RE: UDP weirdness
Message-ID: <00a401c8b084$87da9540$978fbfc0$@com>
In-Reply-To: <482215F4.1080806@quis.cx>
References: <004f01c8b068$89c89350$9d59b9f0$@com> <005101c8b06b$5f0743c0$1d15cb40$@com> <008b01c8b081$c74692e0$55d3b8a0$@com> <482215F4.1080806@quis.cx>

But I thought pf would be tracking state? Isn't that the whole point of stateful firewalls?

> -----Original Message-----
> From: Jille [mailto:jille@quis.cx]
> Sent: May 7, 2008 4:50 PM
> To: Ansar Mohammed
> Cc: 'Kevin K'; freebsd-pf@freebsd.org
> Subject: Re: UDP weirdness
>
> Ansar Mohammed wrote:
> > Ok, so adding the line as you suggested worked.
> > Thanks Kevin.
> >
> > But why do I need to have both entries in for
> >
> > pass in proto udp from any to any port 53
> > pass out proto udp from any to any port 53
> >
> > what makes UDP so special?
> UDP is stateless,
> With TCP you've got a connection (identified by: local host:port and
> remote host:port)
> With UDP, well, you just throw the packages over the line, and hope there
> is (still) someone on the other end.
>
> So there is (almost) no way to detect whether packets are responses to
> each other
>
> -- Jille
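
Added example, not part of the original message and not pf's own code: a simplified Python model of how a stateful packet filter can associate a UDP reply with an earlier query, keyed on the address/port pairs plus an idle timeout, since UDP has no open or close handshake. The class name, the 30-second timeout and the documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 30.0  # seconds; constructed value for this model


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class UdpStateTable:
    """Toy state table: one entry per (local, lport, remote, rport) flow."""

    def __init__(self, timeout=UDP_IDLE_TIMEOUT):
        self.timeout = timeout
        self.states = {}  # flow key -> time a matching packet was last seen

    def _expire(self, now):
        # No FIN/RST in UDP, so an entry can only die by going idle.
        for key in [k for k, seen in self.states.items() if now - seen > self.timeout]:
            del self.states[key]

    def outbound(self, pkt, now, allowed_dports=(53,)):
        """Model of a 'pass out proto udp ... port 53' rule that creates state."""
        self._expire(now)
        if pkt.dport not in allowed_dports:
            return False
        self.states[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
        return True

    def inbound(self, pkt, now):
        """Pass an inbound packet only if it mirrors a live outbound flow."""
        self._expire(now)
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed tuple
        if key in self.states:
            self.states[key] = now  # refresh the idle timer
            return True
        return False


def demo():
    fw = UdpStateTable()
    query = Packet("192.0.2.10", 40000, "198.51.100.53", 53)    # constructed
    reply = Packet("198.51.100.53", 53, "192.0.2.10", 40000)    # constructed
    other = Packet("203.0.113.7", 53, "192.0.2.10", 40000)      # unrelated host
    return {
        "query_out": fw.outbound(query, now=0.0),
        "reply_in": fw.inbound(reply, now=0.2),
        "other_in": fw.inbound(other, now=0.3),
        "late_reply_in": fw.inbound(reply, now=100.0),
    }
```

In this model the reply is admitted without a separate inbound rule, while a packet from a different source address, or a reply arriving after the idle timeout, is dropped.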