On 19.03.2011 09:46, Melissa Jenkins wrote:
> Hi Thomas,
>
> I wish it was that simple :(
>
> If I add it to the rdr I get an error loading the file:
> rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53
> keep state (no-sync)
>
> pf.conf:124: syntax error
>
> If I put it on the pass rule it doesn't stop the state from being
> synchronised... I'm guessing because the state was created by the RDR rule.
> I've tried in FreeBSD 8.0 & 8.1
>

Hello,

You need to remove the "pass" keyword from the RDR rule and make an
explicit "pass" rule with the no-state keyword. So instead of:

rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)

You do:

rdr on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53
pass in on $if inet proto udp from <napts> to 127.0.0.1 port 53 keep state (no-sync)

Let me know how it works out.

Best regards

Thomas Steen Rasmussen

ps. Please don't top-post :)

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
