A reminder to readers, most of these blog posts are to remind me what I have done or fixed some problems. What works for me may not work for you. Most of the time, they aren’t even the best practice.
Here’s a snippet of the PF firewall rules on my FreeBSD box, which acts as a DNS server. Basically, the firewall opens up UDP port 53 so that hosts on the LAN (192.168.1.0/24) can query it.
ext_if = "ue0"
...
pass in on $ext_if proto udp from 192.168.1.0/24 to any port 53 keep state
It’s a good idea to test the PF’s configuration before reloading it:
# pfctl -n -f /etc/pf.conf
# echo $?
0
To reload the firewall for the change to take effect, run:
# pfctl -f /etc/pf.conf
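The two steps above (syntax check, then load) are worth wrapping in a small script so that a typo in pf.conf can never be loaded by accident. The following POSIX sh script is an added example, not code from the original post; it assumes pfctl is in PATH, that it is run as root, and that the ruleset lives at /etc/pf.conf unless another path is given.

```shell
#!/bin/sh
# pf_safe_reload.sh (added example): syntax-check a pf.conf with
# `pfctl -n -f` and only load it with `pfctl -f` when the check passes.
# Assumptions: pfctl is in PATH and the script runs as root.

# Parse the ruleset without loading it; exit status 0 means it is well-formed.
pf_check() {
    pfctl -n -f "$1"
}

# Reload PF from $1 (default /etc/pf.conf), but refuse if the check fails.
# Returns 0 on success, 1 on a syntax error, 2 if the load itself failed.
pf_safe_reload() {
    conf="${1:-/etc/pf.conf}"
    if ! pf_check "$conf"; then
        echo "pf: syntax check failed for $conf, rules NOT reloaded" >&2
        return 1
    fi
    if ! pfctl -f "$conf"; then
        echo "pf: failed to load $conf" >&2
        return 2
    fi
    echo "pf: loaded rules from $conf"
    return 0
}

# Usage when run directly: pf_safe_reload.sh [/path/to/pf.conf]
if [ "${PF_SAFE_RELOAD_NO_MAIN:-0}" != "1" ] && [ -n "$0" ] && [ "$(basename "$0")" = "pf_safe_reload.sh" ]; then
    pf_safe_reload "$@"
fi
```

One caveat on the rule itself: it passes UDP only. Resolvers fall back to TCP on port 53 when a response does not fit in a UDP datagram (truncated answers, large DNSSEC records), so a matching `proto tcp` rule for the same LAN range is usually wanted as well.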
Reference: IPFW rules for DNS Resolvers