Re: ipfw2 - too many dynamic rules

2005-10-18 Thread Chuck Swiger

Stec John wrote:
> I need some help with ipfw2 on my squid box
>
> I have too many dynamic rules errors for dns
> Can I insert a dns static rule into my rules (as below) and how?

[ ... ]

# allow DNS,NTP queries out in the world
add pass udp from any 1024-65535 to any 53,123
add pass udp from any 53,123 to any 1024-65535
add pass udp from any 53,123 to any 53,123
add pass tcp from me to any 53 setup keep-state

Note that you probably want to use the combination of setup keep-state 
elsewhere in your rules, too.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
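
An added sketch (not from the thread, and not ipfw's own code) that models first-match evaluation of the four rules in the reply above over constructed packets. It shows that the three UDP rules pass DNS/NTP traffic without creating any dynamic rule, that the second rule matches on source port alone, and that only the TCP rule adds state; the addresses, the `ME` set and the function names are assumptions.

```python
# Simplified model: only protocol, source address, ports and the TCP
# "setup" test (SYN set, ACK clear) are checked; ipfw itself does much more.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags")

ME = {"192.0.2.10"}          # constructed: addresses configured on the squid box
HIGH = range(1024, 65536)    # 1024-65535
SVC = (53, 123)              # DNS, NTP

# (rule text, proto, src set, sport set, dport set, needs setup, keep-state)
RULES = [
    ("pass udp from any 1024-65535 to any 53,123", "udp", None, HIGH, SVC, False, False),
    ("pass udp from any 53,123 to any 1024-65535", "udp", None, SVC, HIGH, False, False),
    ("pass udp from any 53,123 to any 53,123", "udp", None, SVC, SVC, False, False),
    ("pass tcp from me to any 53 setup keep-state", "tcp", ME, None, (53,), True, True),
]

def evaluate(pkt, dyn_table):
    """Return the text of the first matching rule, or None if none match.
    A keep-state match records the flow in dyn_table, as a dynamic rule would."""
    for text, proto, src, sports, dports, setup, keep in RULES:
        if (pkt.proto != proto or pkt.dport not in dports
                or (src is not None and pkt.src not in src)
                or (sports is not None and pkt.sport not in sports)
                or (setup and not ("SYN" in pkt.flags and "ACK" not in pkt.flags))):
            continue
        if keep:
            dyn_table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return text
    return None

def run_samples():
    """Evaluate constructed packets; return (matched rule per packet, dyn_table)."""
    dyn = set()
    samples = [
        Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53, set()),     # query out
        Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, set()),     # reply in
        Packet("udp", "203.0.113.7", 53, "192.0.2.10", 45000, set()),       # inbound, no query preceded it
        Packet("tcp", "192.0.2.10", 40001, "198.51.100.53", 53, {"SYN"}),   # TCP DNS setup
        Packet("udp", "192.0.2.10", 40002, "198.51.100.53", 514, set()),    # not covered by these rules
    ]
    return [evaluate(p, dyn) for p in samples], dyn

if __name__ == "__main__":
    matched, dyn = run_samples()
    for m in matched:
        print(m or "(no match in these four rules; later rules decide)")
    print("dynamic entries:", len(dyn))
```

The third sample passes on the same static rule as the genuine reply, which is the trade-off for keeping UDP DNS out of the dynamic rule table.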


Re: ipfw2 - too many dynamic rules

2005-10-18 Thread Chuck Swiger

Stec John wrote:
> Hi Chuck, are you suggesting to add these dns rules on top of the existing
> rules?

Yes.

> Can I use allow instead of pass?

Yes, they mean the same thing:

 allow   Allow packets that match rule.  The search terminates.
         Aliases are pass, permit and accept.

--
-Chuck


Re: ipfw2 - too many dynamic rules

2005-10-18 Thread Stec John
Hi Chuck, are you suggesting to add these dns rules on top of the existing
rules?
Can I use allow instead of pass?

- Original Message -
From: Chuck Swiger [EMAIL PROTECTED]
To: Stec John [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Tuesday, October 18, 2005 12:31 PM
Subject: Re: ipfw2 - too many dynamic rules


> Stec John wrote:
> > I need some help with ipfw2 on my squid box
> >
> > I have too many dynamic rules errors for dns
> > Can I insert a dns static rule into my rules (as below) and how?
> [ ... ]
>
> # allow DNS,NTP queries out in the world
> add pass udp from any 1024-65535 to any 53,123
> add pass udp from any 53,123 to any 1024-65535
> add pass udp from any 53,123 to any 53,123
> add pass tcp from me to any 53 setup keep-state
>
> Note that you probably want to use the combination of setup keep-state
> elsewhere in your rules, too.
>
> --
> -Chuck
