A reminder to readers: most of these blog posts are here to remind me of what I have done or how I fixed some problem. What works for me may not work for you. Most of the time, it isn't even best practice.

Here's a snippet of the PF firewall rules on my FreeBSD box, which acts as a DNS server for the LAN. The rule opens UDP port 53 so that hosts on 192.168.1.0/24 can query it. (On any PF newer than OpenBSD 4.1, which includes FreeBSD 7.0 and later, pass rules keep state by default, so the trailing keep state is redundant but harmless.)

ext_if = "ue0"
...
pass in on $ext_if proto udp from 192.168.1.0/24 to any port 53 keep state
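The single rule above does its job, but two things are worth tightening: it only passes UDP, while DNS also needs TCP 53 for truncated (TC) responses, large DNSSEC answers and zone transfers, and its destination is any, which on a box that ever forwards packets would let LAN clients reach arbitrary DNS servers through it. The fragment below is an added example, not the configuration from the original post: it keeps the post's interface name ue0 and network 192.168.1.0/24, and the macro name lan_net and the surrounding block/pass skeleton are my choices.

```pf
# Added example pf.conf fragment (not the original post's file) for a FreeBSD
# host that only serves DNS to its LAN. "ue0" and 192.168.1.0/24 are from the
# post; the "lan_net" macro name and the default-deny skeleton are assumptions.
ext_if  = "ue0"
lan_net = "192.168.1.0/24"

# Loopback traffic is never filtered.
set skip on lo0

# Default deny inbound. Outbound from the host itself is allowed so the
# server can reach upstream resolvers or authoritative servers.
block in all
pass out on $ext_if

# DNS from the LAN to this host only. "self" expands to every address assigned
# to the host's interfaces, so the rule cannot be used to reach other DNS
# servers through the box even if IP forwarding is turned on later.
# UDP carries ordinary queries; TCP is required for truncated (TC) responses,
# large DNSSEC answers and zone transfers, so both are passed. The rule is
# stateful by default on modern PF, so "keep state" is not spelled out.
pass in on $ext_if proto { udp tcp } from $lan_net to self port 53
```

Load it with the usual pfctl -n check followed by pfctl -f, then confirm the rule actually landed with pfctl -s rules, and watch pfctl -s states while a LAN client runs a query to see both the UDP and (for a deliberately large answer) the TCP state appear.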

It's a good idea to test the PF configuration before loading it. pfctl -n parses the ruleset without loading it and exits non-zero on a syntax error, so the exit status tells you whether the reload is safe:

# pfctl -n -f /etc/pf.conf
# echo $?
0

To load the new ruleset so the change takes effect, run the same command without -n (the two steps can be chained with && so that a broken file is never loaded):

# pfctl -f /etc/pf.conf

Reference: IPFW rules for DNS Resolvers