> Hi
>
> Thanks, this seemed to have done the trick. I had to add
> another rule for tcp as well. Is it possible for these rules
> to slow my browsing a bit? Because it seems as if my browsing
> is a bit slower now since I used the rules?

quick answer: no.

long answer: it has been discussed on this list previously that connection tracking DNS queries/responses on or for a busy DNS server (i think the number was ~ 200 queries/second) will slow the name resolution process down. the reason being that the state creation adds noticeable, unnecessary latency, as most (all?) queries are one packet request--one packet response. somehow i don't think this applies here.

oh--and i'll chime in with the obligatory: don't run a DNS (or any other) server on your firewall.

-j