Tang Tse wrote:
Thanks for the answear,Is it secure to open DNS ports to outside world? Or you mean to open open outgoing DNS conections? If i want to redirect incomming ssh connections from internet to some inside server, should i open DNS incoming? Thanks!!
Not necessarily - but how about a rule like:
pass out on $ext_if proto { tcp, udp } from any to $my_nameserver \
port 53 keep state
HTH
Fred
PS http://home.nuug.no/~peter/pf/ is well worth reading
--
http://www.crowsons.net/puters/x41.php
