Hi, I have built some skeleton code (it's ugly) for a DNS proxy based on my wildcarddnsd. I'm using divert(4) sockets, but whenever I put the pf rules on, the reinjection doesn't work for me. Here are my pf rules:

# pfctl -srules
pass all flags S/SA
block drop in on ! lo0 proto tcp from any to any port 6000:6010
block drop in on re0 inet from <fuckoff> to any
pass in on re0 inet proto udp from any to any port = 53 scrub (reassemble tcp) divert-packet port 9999

and here is the skeleton code: http://ipv4.goldflipper.net/private/dnsdivert.tgz

I did this rather fast, hoping to get it in for someone I know who is being used for a DNS amplifier attack, but the final tests broke the hope of stopping it with this. The way you use it is to run the program in the foreground, and it should print which DNS name a query is for. But when I run it the reinject does not happen, and dig, for example, will stop in its tracks and not deliver an answer from named. Any small hint would be appreciated,

-peter
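An added example, not the poster's dnsdivert code: a C parser that extracts the query name from the raw IPv4/UDP/DNS packet a divert(4) socket hands you, next to the recvfrom/sendto loop shape the OpenBSD divert(4) manual describes, where the sendto back on the same socket with the sockaddr recvfrom filled in is the reinjection step. The function names, the loop and the sample packet are constructed for this example, not taken from the tarball.

```c
/* Added example (not the poster's dnsdivert): question-name parser for a raw IPv4/UDP/DNS packet off a divert(4) socket, plus the reinject loop. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* out gets the first question name ("example.com."); returns 1, or 0 if not a parseable DNS query */
int dns_qname_from_packet(const uint8_t *p, size_t len, char *out, size_t outlen)
{
    size_t ihl, off, o = 0;
    if (len < 20 || (p[0] >> 4) != 4) return 0;                     /* IPv4 only */
    ihl = (p[0] & 0x0f) * 4;
    if (ihl < 20 || p[9] != 17 || len < ihl + 8 + 12) return 0;     /* UDP + DNS header must fit */
    off = ihl + 8;                                                  /* start of DNS header */
    if (p[off + 4] == 0 && p[off + 5] == 0) return 0;               /* QDCOUNT == 0 */
    for (off += 12;;) {                                             /* walk the labels */
        uint8_t l;
        if (off >= len) return 0;                                   /* truncated */
        if ((l = p[off++]) == 0) break;
        if (l > 63 || off + l > len || o + l + 1 >= outlen) return 0; /* > 63 also rejects compression pointers */
        memcpy(out + o, p + off, l); o += l; out[o++] = '.'; off += l;
    }
    out[o] = '\0';
    return 1;
}
#ifdef IPPROTO_DIVERT /* OpenBSD only; loop shape assumed from the divert(4) manual */
void divert_loop(int port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) }; socklen_t slen; ssize_t n;
    static uint8_t pkt[65535]; char name[256]; int fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) return;
    for (slen = sizeof sin;; slen = sizeof sin) {
        if ((n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&sin, &slen)) <= 0) continue;
        if (dns_qname_from_packet(pkt, (size_t)n, name, sizeof name)) printf("%s\n", name);
        /* reinject unchanged with the sockaddr recvfrom filled in; without this sendto the kernel drops the packet and dig hangs */
        sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&sin, slen);
    }
}
#endif
/* constructed A query for example.com; "\x07" "example" is split so the \x07 escape does not swallow the 'e' */
static const uint8_t sample[] =
    "\x45\x00\x00\x39\x00\x00\x40\x00\x40\x11\x00\x00\xc0\xa8\x01\x02\xc0\xa8\x01\x01"
    "\xd4\x31\x00\x35\x00\x25\x00\x00" "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    "\x07" "example" "\x03" "com" "\x00\x00\x01\x00\x01";
int main(void)
{
    char name[256];
    if (dns_qname_from_packet(sample, sizeof sample - 1, name, sizeof name)) printf("%s\n", name);
    return 0;
}
```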