On Wed, Oct 30, 2002 at 07:13:17PM +0100, Per olof Ljungmark wrote:
> At 18:42 10/30/2002 +0100, Henning Brauer wrote:
> >On Wed, Oct 30, 2002 at 01:38:59PM -0300, Helio Alexandre Lopes Loureiro 
> >wrote:
> >>       As I said, "keep state" looks like it is not working properly
> >
> >nonsense.
> 
> To make this a yes or no perhaps makes sense.
> Is the following ruleset (in principle) enough for access to a dns server 
> behind a pf firewall?
> pass in on xl0 inet proto {tcp, udp} from any to any port 53 keep state

given
-this is the last matching rule
-you don't filter on other interfaces that packet would need to pass

yes.
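
The two conditions above, laid out as a pf.conf fragment. This is an added example, not part of the original messages; the inside interface name xl1 and the default-deny rules are assumptions made for illustration.

```pf
# Constructed example. xl0 is the interface from the quoted rule;
# xl1 (the interface facing the DNS server) is an assumption.
ext_if = "xl0"
int_if = "xl1"

# Default deny in both directions. Without "quick", pf applies the LAST
# rule that matches a packet, so the general blocks go first.
block in  all
block out all

# The rule from the thread: DNS queries arriving on the outside interface.
# "keep state" creates a state entry so the replies pass without a
# separate rule for the return direction.
pass in on $ext_if inet proto { tcp, udp } from any to any port 53 keep state

# Condition 2: the same packet must also leave through the inside
# interface. With "block out all" above, it needs its own pass rule,
# otherwise the query is dropped on the way out of xl1.
pass out on $int_if inet proto { tcp, udp } from any to any port 53 keep state

# Condition 1: nothing below this point may match the same traffic.
# A later rule such as the one commented out here would become the last
# matching rule for UDP queries on xl0 and override the pass above:
#
#   block in on $ext_if inet proto udp all
```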
