From ac5e6208c0df75a96ee0d1fd907835ac34062072 Mon Sep 17 00:00:00 2001
From: danger
Date: Thu, 17 Jul 2008 20:00:18 +0000
Subject: - dns queries might go also over TCP, so allow it.
Approved by: rink
MFC after: 1 week
---
 etc/rc.firewall | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'etc/rc.firewall')
diff --git a/etc/rc.firewall b/etc/rc.firewall
index fe678fc..df8a572 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -194,6 +194,7 @@ case ${firewall_type} in
 ${fwcmd} add deny tcp from any to any setup
 # Allow DNS queries out in the world
+ ${fwcmd} add pass tcp from me to any 53 setup keep-state
 ${fwcmd} add pass udp from me to any 53 keep-state
 # Allow NTP queries out in the world
@@ -294,6 +295,7 @@ case ${firewall_type} in
 ${fwcmd} add pass tcp from any to any setup
 # Allow DNS queries out in the world
+ ${fwcmd} add pass tcp from ${oip} to any 53 setup keep-state
 ${fwcmd} add pass udp from ${oip} to any 53 keep-state
 # Allow NTP queries out in the world
-- 
cgit v1.1
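Review bot: In the first hunk the new `pass tcp from me to any 53 setup keep-state` rule is added after the context line `${fwcmd} add deny tcp from any to any setup`, so it appears it can never match: ipfw stops at the first matching rule, these `add` calls carry no explicit rule numbers, and every TCP SYN is therefore denied (or was already passed earlier) before this rule is reached. If DNS over TCP is meant to be governed by this rule, it has to be placed directly before `${fwcmd} add deny tcp from any to any setup`. If outbound TCP setup is already permitted earlier in this case branch, which starts outside the hunk, the line is redundant, and a comment such as `# DNS over TCP is covered by the outgoing TCP setup rule above` would describe the ruleset more accurately than a dead rule. The second hunk has the same ordering problem: its new rule follows `${fwcmd} add pass tcp from any to any setup`, which already passes every setup packet without creating state, so the `keep-state` rule there is likewise never hit.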