On March 19, 2008 01:43 pm Freddie Cash wrote:
> On March 19, 2008 01:34 pm Freddie Cash wrote:
> > Just curious if the following rule will work correctly. It is
> > accepted by the ipfw command. I'm in the process of working out a test
> > for it, but thought I'd ask here as well, just to be sure.
> >
> > ipfw add { tcp or udp } from me to any 53 out xmit fxp0
> > ipfw add { tcp or udp } from any 53 to me in recv fxp0 established
> >
> > Will the UDP packets go through correctly, even though "established"
> > has no meaning for UDP streams, and the ipfw command will barf if you
> > use it with just "ipfw add udp" rules?
>
> Hmm, from the looks of things, it doesn't work. Even though it
> specifies both tcp and udp, the rule only matches tcp packets from an
> established connection.
>
> Perhaps a warning or error should be given when you try to use TCP
> options on rules that aren't TCP-specific?
>
> Or am I missing something here?
Guess I should probably have included a test case. From "ipfw show" output:

00100 3 162 allow { tcp or udp } from me to any dst-port 53 out xmit fxp0
00110 0 0 allow { tcp or udp } from any 53 to me in recv fxp0 established
00120 3 409 allow { tcp or udp } from any 53 to me in recv fxp0

Without a "deny ip from any to any" rule instead of the last rule, UDP DNS requests fail.

--
Freddie Cash
[EMAIL PROTECTED]
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
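The behaviour reported above follows from what "established" actually tests: per ipfw(8) it matches TCP packets with the RST or ACK bit set, so it is a TCP-header predicate, and a UDP packet can never satisfy it no matter what the protocol set in front of it says. The toy first-match evaluator below (an added example, not ipfw source and not code from the poster) models only the parts of rule matching this thread exercises: protocol set, ports, direction, interface and the TCP-only "established" test. The packets and their sizes are constructed, with sizes chosen so the counters come out the same as the "ipfw show" output in the post; the "deny" variant models the "deny ip from any to any" replacement for rule 00120 that the post mentions.

```python
"""Toy model of ipfw first-match evaluation for the three DNS rules above.
Added example, not ipfw source: matching is simplified to protocol set,
ports, direction, interface and the TCP-only "established" option.
All packets are constructed."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

TCP, UDP = 6, 17
TH_RST, TH_ACK, TH_SYN = 0x04, 0x10, 0x02


@dataclass
class Packet:
    proto: int
    sport: int
    dport: int
    direction: str      # "in" (recv) or "out" (xmit)
    iface: str
    length: int         # bytes credited to the matching rule
    tcp_flags: int = 0  # only meaningful when proto == TCP


@dataclass
class Rule:
    number: int
    action: str               # "allow" or "deny"
    protos: frozenset         # {TCP, UDP} models "{ tcp or udp }" and, here, "ip"
    sport: Optional[int]      # None means "any"
    dport: Optional[int]
    direction: Optional[str]  # None means either direction
    iface: Optional[str]
    established: bool = False
    pkts: int = 0
    bytes: int = 0

    def matches(self, p: Packet) -> bool:
        if p.proto not in self.protos:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.iface is not None and p.iface != self.iface:
            return False
        # "established" is a TCP flag test (RST or ACK set). A UDP packet has
        # no TCP flags, so it never matches and the rule silently falls through,
        # which is what the zero counters on rule 00110 show.
        if self.established:
            if p.proto != TCP or not (p.tcp_flags & (TH_RST | TH_ACK)):
                return False
        return True


def make_ruleset(last_rule_denies: bool) -> List[Rule]:
    """Rules 00100-00120 from the post; with last_rule_denies=True the third
    rule is the "deny ip from any to any" alternative the post mentions."""
    both = frozenset({TCP, UDP})
    rules = [
        Rule(100, "allow", both, None, 53, "out", "fxp0"),
        Rule(110, "allow", both, 53, None, "in", "fxp0", established=True),
    ]
    if last_rule_denies:
        rules.append(Rule(120, "deny", both, None, None, None, None))
    else:
        rules.append(Rule(120, "allow", both, 53, None, "in", "fxp0"))
    return rules


def run(rules: List[Rule], packets: List[Packet]) -> List[Tuple[int, str]]:
    """First match wins; anything unmatched hits the implicit rule 65535,
    modelled here as deny (assumption: a default-deny kernel build)."""
    verdicts = []
    for p in packets:
        for r in rules:
            if r.matches(p):
                r.pkts += 1
                r.bytes += p.length
                verdicts.append((r.number, r.action))
                break
        else:
            verdicts.append((65535, "deny"))
    return verdicts


def udp_dns_traffic() -> List[Packet]:
    """Three UDP queries out, three replies in (constructed; sizes picked to
    reproduce the 162-byte and 409-byte counters in the post)."""
    queries = [Packet(UDP, 40000 + i, 53, "out", "fxp0", 54) for i in range(3)]
    replies = [Packet(UDP, 53, 40000 + i, "in", "fxp0", n)
               for i, n in enumerate((136, 136, 137))]
    return queries + replies


def simulate(last_rule_denies: bool = False):
    """Returns ((rule, pkts, bytes) per rule, verdict per packet)."""
    rules = make_ruleset(last_rule_denies)
    verdicts = run(rules, udp_dns_traffic())
    return [(r.number, r.pkts, r.bytes) for r in rules], verdicts


def established_verdicts() -> dict:
    """Which rule each kind of port-53 reply lands on (constructed probes)."""
    rules = make_ruleset(False)
    probes = {
        "udp_reply": Packet(UDP, 53, 40000, "in", "fxp0", 100),
        "tcp_reply_ack": Packet(TCP, 53, 40000, "in", "fxp0", 100, TH_ACK),
        "tcp_syn_only": Packet(TCP, 53, 40000, "in", "fxp0", 60, TH_SYN),
    }
    return {name: run(rules, [p])[0] for name, p in probes.items()}


if __name__ == "__main__":
    for number, pkts, nbytes in simulate()[0]:
        print(f"{number:05d} {pkts} {nbytes}")
    print(simulate(last_rule_denies=True)[1][3:])
    print(established_verdicts())
```

Running the model with the original ruleset reproduces the posted counters (rule 00110 stays at zero while all three UDP replies land on 00120); swapping 00120 for the deny rule drops every UDP reply, while a TCP reply carrying ACK is the only probe that rule 00110 ever accepts.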