>Would it be because dns sometimes talks UDP? (I forget the details.)

Thanks - that was my first thought, but (a) the blocked packets show up as TCP, not UDP, and (b) I still had the problem even when I added UDP explicitly to the pass rule I show.
So I'm still stuck.

/jon/