On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote:
> The delay seems suspiciously like a DNS timeout.  Since you haven't
> mentioned any rules to explicitly allow DNS traffic below, I assume
> you
> don't have any.  Just add the following rules before your groups:
>     pass out quick proto udp from any to any keep state
>     block return-icmp-as-dest(port-unr) in log proto udp from any to
> any

Thanks, that fixed it. I also had another problem which stopped a lot of
outgoing traffic working which seems to have been fixed by adding keep
state to "pass out on rl0 all head 100".


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to