My ''very secure inclusive type of firewall'' works as expected behind Free's freebox, but not behind Nerim's SpeedTouch. Both boxes are configured as routers. Nerim's DNS's respond with bad packets like so:

    08/10/2009 11:27:27.898288 fxp0 @0:25 b 62.4.16.70,53 -> 10.0.0.28,62317 PR udp len 20 395 IN bad
    08/10/2009 11:27:32.897670 fxp0 @0:25 b 62.4.17.69,53 -> 10.0.0.28,59923 PR udp len 20 395 IN bad

Evidently, the packets get blocked by the very last rule:

    block in log first quick on $oif all

I cannot find out the meaning of ''bad'' and what is responsible for it.

Thanks in advance for any help.

--
Harald Weis
