Hi Chuck, are you suggesting to add these dns rules on top of the existing rules? Can I use "allow" instead of "pass"?
----- Original Message -----
From: "Chuck Swiger" <[EMAIL PROTECTED]>
To: "Stec John" <[EMAIL PROTECTED]>
Cc: <freebsd-questions@freebsd.org>
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules

> Stec John wrote:
> > I need some help with ipfw2 on my squid box
> >
> > I have too many dynamic rules errors for dns
> > Can I insert a dns static rule into my rules (as below) and how?
> [ ... ]
>
> # allow DNS,NTP queries out in the world
> add pass udp from any 1024-65535 to any 53,123
> add pass udp from any 53,123 to any 1024-65535
> add pass udp from any 53,123 to any 53,123
> add pass tcp from me to any 53 setup keep-state
>
> Note that you probably want to use the combination of "setup keep-state"
> elsewhere in your rules, too.
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
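Added example, not part of the thread and not ipfw code: a simplified first-match model, in Python, of the rules-file syntax quoted above. It shows that the stateless UDP rules keep DNS queries from creating dynamic rules only when they come before any `keep-state` rule, and that `allow` and `pass` are the same action in ipfw(8). Assumptions: `EXISTING` is a constructed stand-in for the poster's ruleset, and the matcher only understands `any`/`me` addresses and UDP ports.

```python
import re

ALLOW = {"allow", "accept", "pass", "permit"}  # synonyms for one action in ipfw(8)
PORTS = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")

def in_ports(spec, port):
    """True if port is in a spec like '53,123' or '1024-65535' (None = any port)."""
    if spec is None:
        return True
    ranges = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def parse(line):
    """Parse 'add [num] ACTION PROTO from ADDR [PORTS] to ADDR [PORTS] [OPTIONS]'."""
    tok = line.split("#")[0].split()
    if tok[:1] != ["add"]:
        return None
    tok = tok[2:] if tok[1:2] and tok[1].isdigit() else tok[1:]
    if len(tok) < 6 or tok[2] != "from" or "to" not in tok[4:-1]:
        return None  # e.g. check-state, which a new flow never matches
    to = tok.index("to", 4)
    src, dst = tok[3:to], tok[to + 1:]
    port = lambda part: part[1] if len(part) > 1 and PORTS.match(part[1]) else None
    return {"text": " ".join(tok), "action": tok[0], "proto": tok[1],
            "addrs": {src[0], dst[0]}, "sport": port(src), "dport": port(dst),
            "keep_state": "keep-state" in dst}

def first_udp_match(ruleset, sport, dport):
    """First rule a new UDP packet hits. Simplified: only any/me addresses."""
    for r in filter(None, map(parse, ruleset.splitlines())):
        if (r["proto"] in ("udp", "ip", "all") and r["addrs"] <= {"any", "me"}
                and in_ports(r["sport"], sport) and in_ports(r["dport"], dport)):
            return r

def creates_dynamic_rule(ruleset, sport=40000, dport=53):
    """Does a query from sport to dport install a keep-state (dynamic) rule?"""
    r = first_udp_match(ruleset, sport, dport)
    return bool(r and r["action"] in ALLOW and r["keep_state"])

STATIC_DNS = """\
add pass udp from any 1024-65535 to any 53,123
add pass udp from any 53,123 to any 1024-65535
add pass udp from any 53,123 to any 53,123
"""  # the three stateless UDP rules from the quoted reply
# Constructed stand-in: the poster's existing ruleset is not shown in the thread.
EXISTING = "add check-state\nadd allow udp from me to any 53 keep-state\n"

print(creates_dynamic_rule(EXISTING))               # keep-state rule is hit first
print(creates_dynamic_rule(STATIC_DNS + EXISTING))  # static rule is hit first
print(first_udp_match(STATIC_DNS, 53, 2049)["text"])  # reply rule keys on source port
```

The last line shows the trade-off of the stateless reply rule: it matches on source port alone, so it is worth narrowing `any` to the resolvers and NTP servers the host actually uses.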