[afnog] Resolver issues - Resolved.
Phil Regnauld
regnauld at x0.dk
Mon Apr 10 23:04:28 EAT 2006
On Mon, Apr 10, 2006 at 08:27:16PM +0300, Michuki Mwangi wrote:
>
> firewall rules and shame on me that I had actually removed the
> 'keep-state' on the outbound DNS rules a couple of weeks ago (and I
> couldn't remember). It just happened that we had a server restart this
> weekend and that's where all the trouble started.
>
> Comparing the files with an older file just led me to this. What a day! :(
>
>
> # Allow DNS queries out in the world
> ${fwcmd} add pass udp from ${ip} to any 53 keep-state
>
>                                            ^^^^^^^^^^^
Classic :)

pf is good in this way that it _forces_ one to update pf.conf THEN
call pfctl. In practice one can also do this (modify the ipfw file
THEN call /etc/rc.d/rc.firewall or sh /etc/rc.firewall on 4.x).

Phil
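
The comparison described in the quoted message (checking the current rules file against an older copy), as an added example that is not part of the original thread: a shell function that reports rules which carried `keep-state` in the old file and appear without it in the new one. The function names and the TCP rule in the demo are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: lost_keep_state OLD_RULES NEW_RULES
lost_keep_state() {
    awk '
        # Normalise a rule so old and new lines can be compared:
        # drop comments, the keep-state keyword and extra whitespace.
        function norm(s) {
            sub(/#.*/, "", s)
            gsub(/(^|[ \t])keep-state([ \t]|$)/, " ", s)
            gsub(/[ \t]+/, " ", s)
            sub(/^ /, "", s); sub(/ $/, "", s)
            return s
        }
        # True when the rule (comment stripped) carries keep-state.
        function stateful(s) {
            sub(/#.*/, "", s)
            return s ~ /(^|[ \t])keep-state([ \t]|$)/
        }
        # Old file: remember every rule that was stateful.
        FILENAME == ARGV[1] { if (stateful($0)) was[norm($0)] = 1; next }
        # New file: same rule text, but keep-state is gone.
        {
            n = norm($0)
            if (n != "" && (n in was) && !stateful($0))
                printf "%s:%d: keep-state removed: %s\n", FILENAME, FNR, n
        }
    ' "$1" "$2"
}

# Constructed sample: the UDP rule is the one quoted in the thread,
# the TCP rule is made up for contrast.
demo_lost_keep_state() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# Allow DNS queries out in the world' \
        '${fwcmd} add pass udp from ${ip} to any 53 keep-state' \
        '${fwcmd} add pass tcp from ${ip} to any 53 setup keep-state' > "$d/old"
    # Simulate the edit from the thread: keep-state dropped from the UDP rule.
    sed 's/ 53 keep-state$/ 53/' "$d/old" > "$d/new"
    (cd "$d" && lost_keep_state old new)
    rm -rf "$d"
}
```

Run the check on the edited file before reloading the rules, for example before `sh /etc/rc.firewall`.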