For the first time ever I did something with iptables that I don't know how to do (simply) with pf. Something I think is useful.
I have a domain server, nsd; it serves whatever.com. The server is being flooded with requests for no reason. With iptables I was able to add <-m string --hex-string whatever|03|com> in the <in> rules, so I only accept DNS requests that matter to me.

Is there a way? (Something simpler than diverting to a sort of grep -v.) Would it be a cool feature? Or, because it's a protocol, shall it be done inside relayd?

Best regards.

--
() ascii ribbon campaign - against html e-mail
/\
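An added example, not part of the original post: it compares a case-sensitive byte-substring match on `whatever\x03com` (the pattern from the post) with a check that parses the DNS question name and tests zone membership label by label. The function names and the sample queries are constructed for illustration.

```python
import struct

ZONE = ("whatever", "com")  # zone named in the post, as lowercase labels

def build_query(name, qtype=1, txid=0x1234):
    """Build a constructed DNS query (12-byte header plus one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(payload):
    """Return the question name as a tuple of lowercase labels, or None if malformed."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:      # must be a query with exactly one question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:                      # root label ends the name
            break
        if length > 63 or pos + length > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):               # QTYPE and QCLASS must follow
        return None
    return tuple(labels)

def in_zone(payload, zone=ZONE):
    """True only if the parsed question name is the zone apex or below it."""
    name = parse_qname(payload)
    return name is not None and len(name) >= len(zone) and name[-len(zone):] == zone

def naive_match(payload, pattern=b"whatever\x03com"):
    """Byte-substring test, the same kind of match as the rule in the post."""
    return pattern in payload

if __name__ == "__main__":
    for n in ("www.whatever.com", "WhatEver.COM", "notwhatever.com",
              "whatever.com.example.net", "example.org"):
        q = build_query(n)
        print(f"{n:28} substring={naive_match(q)!s:5} parsed={in_zone(q)}")
```

The substring match passes `notwhatever.com` and `whatever.com.example.net` and drops mixed-case queries for the real zone, which resolvers using 0x20 case randomization send routinely.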