Tang Tse wrote:
Thanks for the answear,Is it secure to open DNS ports to outside world? Or you mean to open open outgoing DNS conections? If i want to redirect incomming ssh connections from internet to some inside server, should i open DNS incoming? Thanks!!
Not necessarily - but how about a rule like: pass out on $ext_if proto { tcp, udp } from any to $my_nameserver \ port 53 keep state HTH Fred PS http://home.nuug.no/~peter/pf/ is well worth reading -- http://www.crowsons.net/puters/x41.php