Re: more on my question : DNS answers blocked?

2007-03-06 Thread Daniel Hartmeier
Looks like the blocked packets were IP fragments. For stateful filtering, IP fragments must be reassembled, try adding

  scrub in fragment reassemble

at the top of your ruleset.

Daniel
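
Why a fragmented DNS answer fails a stateful match until it is reassembled, as an added example that is not part of the original thread. The addresses, ports and payload size are constructed, and the state table is a simplified model, not pf's implementation.

```python
import struct

FRAG_SIZE = 1480  # IP payload bytes per fragment on a 1500-byte MTU (multiple of 8)

def udp_datagram(sport, dport, data):
    """Build a UDP header + payload (checksum left at 0 for the demo)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def fragment(ip_payload, size=FRAG_SIZE):
    """Split an IP payload into (offset, more_fragments, bytes) tuples."""
    return [(off, off + size < len(ip_payload), ip_payload[off:off + size])
            for off in range(0, len(ip_payload), size)]

def ports_visible(frag):
    """Only the fragment at offset 0 carries the UDP header, hence the ports."""
    off, _mf, chunk = frag
    if off != 0 or len(chunk) < 8:
        return None
    return struct.unpack("!HH", chunk[:4])

def reassemble(frags):
    """Rebuild the original IP payload once the last fragment (MF=0) is present."""
    frags = sorted(frags)
    if frags[-1][1]:
        raise ValueError("last fragment missing")
    return b"".join(chunk for _off, _mf, chunk in frags)

def state_match(states, src, dst, ports):
    """A stateful lookup needs both addresses and both ports."""
    return ports is not None and (src, ports[0], dst, ports[1]) in states

def demo():
    # Constructed scenario: client 192.0.2.10:40000 queried resolver
    # 198.51.100.53:53; the query created this state for the reply direction.
    src, dst = "198.51.100.53", "192.0.2.10"
    states = {(src, 53, dst, 40000)}
    answer = udp_datagram(53, 40000, b"\x00" * 2000)  # constructed 2000-byte answer
    frags = fragment(answer)
    # Without reassembly: each fragment is matched against the state table alone.
    per_fragment = [state_match(states, src, dst, ports_visible(f)) for f in frags]
    # With reassembly first: the whole datagram is matched once.
    whole = reassemble(frags)
    after_reassembly = state_match(states, src, dst, struct.unpack("!HH", whole[:4]))
    return per_fragment, after_reassembly

if __name__ == "__main__":
    print(demo())
```

The second fragment carries no UDP header, so it cannot be tied to the state the query created; after reassembly the datagram matches as a whole.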

more on my question : DNS answers blocked?

2007-03-06 Thread Jacques Beigbeder
Hello,

Yesterday, my mail wasn't explicit. Sorry.

Architecture:
  Internet
  PF firewall on FreeBSD 5.5
  DNS server (bind 9)

This is now a firewall in production: DNS host has 100 packets per second, there is a mail server with 700.000 smtp hits per day, 'pfctl -si' shows betwe