ipfw2 - too many dynamic rules

2005-10-18 Thread Stec John
I need some help with ipfw2 on my squid box.

I get "too many dynamic rules" errors for DNS.
Can I insert a DNS static rule into my rules (as below), and how?

allow ip from any to any via lo0
allow ip from any to any via lo1
deny ip from any to 127.0.0.0/8
deny ip from 127.0.0.0/8 to any
check-state
allow ip from me to any keep-state
divert 8668 tcp from 202.4.48.0/22 to any dst-port 80
fwd 127.0.0.1,3128 tcp from 202.4.48.0/22 to any dst-port 80
allow ip from any to any
deny ip from any to any



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ipfw2 - too many dynamic rules

2005-10-18 Thread Stec John
Hi Chuck, are you suggesting adding these DNS rules on top of the existing
rules?
Can I use allow instead of pass?

- Original Message -
From: Chuck Swiger [EMAIL PROTECTED]
To: Stec John [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules


 Stec John wrote:
  I need some help with ipfw2 on my squid box.
 
  I get "too many dynamic rules" errors for DNS.
  Can I insert a DNS static rule into my rules (as below), and how?
 [ ... ]

 # allow DNS,NTP queries out in the world
 add pass udp from any 1024-65535 to any 53,123
 add pass udp from any 53,123 to any 1024-65535
 add pass udp from any 53,123 to any 53,123
 add pass tcp from me to any 53 setup keep-state

 Note that you probably want to use the combination of setup keep-state
 elsewhere in your rules, too.

 --
 -Chuck

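As an added example (not code from the thread or from Chuck), the sh script below first tallies the dynamic-rule table from "ipfw -d show" output to confirm that UDP/53 entries are what fill it, then emits stateless UDP DNS rules for the client network and splices them into a ruleset just ahead of its check-state line, which is the position the question is asking about. The "ipfw -d show" line layout, the sample addresses and the rule numbers are assumed or constructed; 202.4.48.0/22 is the network from the thread.

```shell
#!/bin/sh
# Added example: find what fills the ipfw dynamic-rule table, then place
# stateless DNS rules ahead of check-state so DNS never creates state.

# Constructed sample of "ipfw -d show" output.  Assumed line layout:
#   rulenum pkts bytes (ttl) STATE proto src sport <-> dst dport
# 202.4.48.0/22 is the thread's network; the other addresses are made up.
SAMPLE_DYN='## Dynamic rules (5):
00100 3 228 (4s) STATE udp 202.4.48.10 49152 <-> 203.0.113.53 53
00100 2 152 (3s) STATE udp 202.4.48.10 49153 <-> 203.0.113.53 53
00100 1 76 (2s) STATE udp 202.4.48.11 49154 <-> 203.0.113.54 53
00100 40 31000 (280s) STATE tcp 202.4.48.12 51000 <-> 198.51.100.7 80
00100 1 76 (9s) STATE udp 202.4.48.10 49155 <-> 203.0.113.5 123'

# Count dynamic entries per protocol/destination port, busiest first.
# A "udp/53" line at the top means DNS lookups are exhausting the table.
count_states_by_port() {
    awk '$5 == "STATE" { n[$6 "/" $11]++ }
         END { for (k in n) printf "%d %s\n", n[k], k }' | sort -rn
}

# Stateless UDP DNS rules (query out, reply back) for one client network,
# numbered from $1.  Placed before check-state they match before the
# keep-state rule, so no dynamic entry is created per lookup.
static_dns_rules() {
    base=$1; net=$2
    printf 'add %d allow udp from %s 1024-65535 to any 53\n' "$base" "$net"
    printf 'add %d allow udp from any 53 to %s 1024-65535\n' "$((base + 1))" "$net"
}

# Splice a block of rules ($1) into a ruleset read on stdin, emitting it
# immediately before the line that contains check-state.
insert_before_check_state() {
    while IFS= read -r line; do
        case $line in
            *check-state*) printf '%s\n' "$1" ;;
        esac
        printf '%s\n' "$line"
    done
}
```

Run it against real output with "ipfw -d show | count_states_by_port" and feed the live ruleset to insert_before_check_state once the numbering is chosen.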