Subject: Re: Help with firewall Script
To: None <port-sparc64@NetBSD.org>
From: Michael Parson <mparson@bl.org>
List: port-sparc64
Date: 08/29/2006 14:24:27
On Tue, Aug 29, 2006 at 09:30:50AM -0300, Facundo Barrera wrote:
> Hi list:
> 
> Need help with this firewall script, it's for a box running BIND, of
> course I need SSH access too (of course tlp0 and lo0 are accurate):
> 
> **************************************************************************
> ##ipf.conf
> 
> ## pass all local traffic
> 
> pass in quick on lo0 all
> pass out quick on lo0 all
> 
> 
> ## block all inbound/outbound traffic that doesn't comply with rules below
> ## the first rule logs to the daemon.notice syslog event level
> #block in log level daemon.notice all
> 
> block in all
> block out all
> 
> 
> ## pass inbound echo request
> pass in quick on tlp0 proto icmp from any to any icmp-type 8
> 
> 
> ## pass inbound identd requests
> pass in quick on tlp0 proto tcp from any to any port = 113 flags S keep state
> 
> 
> ## pass inbound BIND
> pass in quick on tlp0 proto tcp from any to any port = 53 flags S keep state
> 
> pass in quick on tlp0 proto udp from any to any port = 53 flags S keep state

My (functional) bind entries look like this:

## pass inbound domain
pass in quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on fxp0 proto udp from any to any port = 53 keep state

-- 
Michael Parson
mparson@bl.org
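As an added illustration (not code from either poster), here is a small Python lint over ipf rule lines that catches the mistake the reply corrects: a TCP-only `flags S` clause on a UDP rule. It also notes inbound pass rules without `keep state`, since the posted script's `block out all` would then drop the replies. The rule text embedded below is constructed from the rules in this thread; the regex covers only the simple rule shapes used here.

```python
import re

# Constructed sample: the quoted rules, with the UDP line that wrongly
# carries "flags S" and the corrected UDP line from the reply.
SAMPLE_RULES = """\
## pass inbound domain
pass in quick on tlp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on tlp0 proto udp from any to any port = 53 flags S keep state
pass in quick on fxp0 proto udp from any to any port = 53 keep state
pass in quick on tlp0 proto icmp from any to any icmp-type 8
block in all
"""

# Minimal pattern for the rule shapes seen in the thread (hypothetical lint,
# not ipf's real grammar): action, direction, optional quick/on/proto, rest.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?:\s+(?P<quick>quick))?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?P<rest>.*)$"
)


def lint_ipf(text):
    """Return (line number, message) findings for an ipf.conf-style text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            findings.append((lineno, "rule not understood by this lint"))
            continue
        proto, rest = m.group("proto"), m.group("rest")
        words = rest.split()
        # TCP flags make no sense on UDP or ICMP rules.
        if "flags" in words and proto != "tcp":
            findings.append((lineno, f"'flags' is TCP-only but proto is {proto}"))
        # Without state, reply packets need their own explicit pass out rule.
        if (m.group("action"), m.group("dir")) == ("pass", "in") \
                and proto in ("tcp", "udp") and "keep state" not in rest:
            findings.append((lineno, "no 'keep state': replies need a pass out rule"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_ipf(SAMPLE_RULES):
        print(f"line {lineno}: {msg}")
```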