Date:      Fri, 18 May 2007 13:55:55 +0300
From:      "Nicolae Namolovan" <adrenalinup@gmail.com>
To:        doc@FreeBSD.org, questions@FreeBSD.org
Subject:   Little error in rules from handbook/firewalls-ipfw.html 28.6.5.7 An Example NAT and Stateful Ruleset
Message-ID:  <f027bef40705180355v75dfa0a6l1161b5eb5f4adba6@mail.gmail.com>

Section 28.6.5.7 An Example NAT and Stateful Ruleset

Example Ruleset #2:
..
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
..

AFAIK DNS also uses UDP, so tcp is not really correct here.

I have changed the tcp->ip, but it still did not work because of "setup"
:) That means "tcpflags syn,!ack", which I guess is inapplicable to UDP
packets, so it will never pass.

Hope you'll change this to something like:

$cmd 020 $skip ip from any to x.x.x.x 53 out via $pif keep-state

Thanks a lot.

I spent something around 5 hours on this, that's why I am writing to you
right now.. %)

I also have added a rule like
$cmd 070 $skip ip from me to any out via $pif setup keep-state

But again that damn "setup" %) That's a lesson for an entire life..

-- 
Best regards,
Nicolae Namolovan.
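
Added example, not part of the original message or the handbook: a small Python check over ipfw rule lines in the "$cmd NNN $skip ..." style quoted above, flagging the two problems the message describes ("setup" on a rule meant to pass UDP, and DNS allowed over tcp only). Rules 021-023, the finding names, and the assumption that the action is a single shell variable such as $skip are made up for this illustration.

```python
import re

# Constructed sample: 020 and 070 are the rules quoted in the message,
# 021-023 are variations invented for this example.
SAMPLE_RULES = """\
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 021 $skip ip from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 022 $skip udp from any to x.x.x.x 53 out via $pif setup keep-state
$cmd 023 $skip ip from any to x.x.x.x 53 out via $pif keep-state
$cmd 070 $skip ip from me to any out via $pif setup keep-state
"""

# Assumed line shape: $cmd <number> <action-variable> <proto> from <rest>
RULE_RE = re.compile(r"^\$cmd\s+(\d+)\s+\S+\s+(\S+)\s+from\s+(.*)$")
PORTS_RE = re.compile(r"^\d+(,\d+)*$")


def lint_rules(text):
    """Return (rule_number, finding) pairs for setup/DNS protocol mismatches."""
    findings = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a rule line in the assumed shape
        num, proto, rest = m.group(1), m.group(2).lower(), m.group(3).split()
        has_setup = "setup" in rest  # setup == tcpflags syn,!ack
        # A destination port list, if present, follows the destination address.
        dports = []
        if "to" in rest:
            i = rest.index("to")
            if i + 2 < len(rest) and PORTS_RE.match(rest[i + 2]):
                dports = rest[i + 2].split(",")
        if has_setup and proto == "udp":
            # UDP has no TCP flags, so the rule can never match a packet.
            findings.append((num, "SETUP_NEVER_MATCHES"))
        elif has_setup and proto in ("ip", "all"):
            # Only TCP SYN packets match; UDP traffic falls through.
            findings.append((num, "SETUP_TCP_ONLY"))
        if proto == "tcp" and "53" in dports:
            # DNS queries sent over UDP are not covered by this rule.
            findings.append((num, "DNS_TCP_ONLY"))
    return findings


if __name__ == "__main__":
    for num, finding in lint_rules(SAMPLE_RULES):
        print(num, finding)
```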


