Little error in rules from handbook/firewalls-ipfw.html 28.6.5.7 An Example NAT and Stateful Ruleset
Nicolae Namolovan
adrenalinup at gmail.com
Fri May 18 11:23:00 UTC 2007
Section 28.6.5.7 An Example NAT and Stateful Ruleset
Example Ruleset #2:
..
$cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state
..
AFAIK DNS also uses UDP, so tcp is not really correct here.
I have changed the tcp->ip, but it still did not work because of "setup"
:) That means "tcpflags syn,!ack", which I guess is inapplicable to UDP
packets, so it will never pass.
Hope you'll change this to something like:
$cmd 020 $skip ip from any to x.x.x.x 53 out via $pif keep-state
Thanks a lot.
I spent something like 5 hours on this, that's why I am writing to you
right now.. %)
I also have added a rule like
$cmd 070 $skip ip from me to any out via $pif setup keep-state
But again that damn "setup" %) That's a lesson for an entire life..
--
Best regards,
Nicolae Namolovan.
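
The behaviour reported in this message, as an added example that is not part of the original post or of FreeBSD: a simplified model of how the protocol field and the "setup" option decide whether a rule can match a DNS packet. The names Packet, Rule, matches and verdicts are hypothetical, the packets are constructed, and addresses, ports and interfaces are assumed to match already.

```python
# Simplified model (an assumption, not ipfw source): only the protocol
# field and the "setup" option are evaluated; addresses, ports and
# interfaces are taken as already matching.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    flags: frozenset = frozenset()  # TCP flags; always empty for UDP

@dataclass(frozen=True)
class Rule:
    text: str
    proto: str           # "tcp", "udp" or "ip" (any protocol)
    setup: bool = False  # "setup" is short for "tcpflags syn,!ack"

def matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.setup:
        # Flag tests need a TCP header, so a UDP packet can never pass.
        return (pkt.proto == "tcp" and "syn" in pkt.flags
                and "ack" not in pkt.flags)
    return True

# Constructed sample packets leaving via $pif towards x.x.x.x port 53.
PACKETS = {
    "udp query": Packet("udp"),
    "tcp syn": Packet("tcp", frozenset({"syn"})),
}

RULES = [
    Rule("tcp ... 53 out via $pif setup keep-state", "tcp", setup=True),
    Rule("ip ... 53 out via $pif setup keep-state", "ip", setup=True),
    Rule("ip ... 53 out via $pif keep-state", "ip"),
]

def verdicts():
    # Map (rule text, packet name) -> True when the rule matches.
    return {(r.text, name): matches(r, p)
            for r in RULES for name, p in PACKETS.items()}

if __name__ == "__main__":
    for (rule, name), ok in verdicts().items():
        print(f"{name:10} {'match' if ok else 'no match':9} {rule}")
```

Without "setup", the ip rule also matches TCP packets that are not connection openers, so a tcp rule that keeps "setup" plus a separate udp rule without it is a common alternative.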