Solved Ping out to domains blocked

[leonardorame]

I can ping to IPs, for example 1.1.1.1 but not to domains (/etc/resolv.conf is ok).

block out
pass inet proto icmp icmp-type { echoreq, unreach }
#pass out quick from 192.168.0.0./24

If I uncomment the last line I can ping to domains, but that leaves everything open to the outside. How can I block everything to the outside, but permit ping?

 

[leonardorame]

This works:

pass out proto {tcp udp} to port { 53 }
pass inet proto icmp icmp-type { echoreq }

 

[SirDice]

Yes, DNS works on port 53, if it cannot send a DNS request to the internet you cannot translate hostnames/domains to IP addresses.