--On Friday, March 04, 2005 01:21:11 AM +0530 Subhro <[EMAIL PROTECTED]> wrote:

> Do you block UDP?

First question would be - which direction?

I allow udp *to* port 53. I allow *ip* outgoing, so any response to a dns request would be answered.

> I am asking this because I *used* to do a block on all UDP except the DNS
> port and had exactly the same problem.

Very odd.  I'll give that a try.

Even though it doesn't make sense to me. If my *first* rule is "allow ip from x.x.x.x/32 to {server}" and I also have a rule that says "allow ip from {server} to any", then I can't imagine why a restriction on udp would interfere with that since "ip" includes both tcp and udp.

Besides the firewall has been working flawlessly for three years *with* that restriction. Makes me think that *something* in the firewall code changed recently and got installed when I ran freebsd-update.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
