Hi, I guess one could use pf's divert-to and dnsfilter.
http://marc.info/?l=openbsd-misc&m=134187877220567&w=2

Regards,
Pedro Caetano

On Mon, Nov 9, 2015 at 9:45 PM, sven falempin <sven.falem...@gmail.com> wrote:
> For the first time ever I did something with iptables
> that I don't know how to do (simply) with
> pf.
> Something I think is useful.
>
> I have a domain server, nsd, it serves whatever.com,
> the server is like flooded with requests for no reason,
>
> with iptables I was able to add
> <-m string --hex-string whatever|03|com>
> in the <in> rules.
>
> So I only accept DNS requests that matter to me.
>
> Is there a way? (something simpler than diverting to a
> sort of grep -v).
>
> Would it be a cool feature? Or because it's a protocol shall
> it be done inside relayd?
>
> Best regards.
>
> --
> ---------------------------------------------------------------------------------------------------------------------
> () ascii ribbon campaign - against html e-mail
> /\
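Added example, not part of the thread and not code from dnsfilter or pf: a sketch of the decision a userland filter behind divert-to could make, parsing the DNS question name instead of searching the payload for the bytes whatever|03|com. The function names, the constructed sample packets and the default zone are assumptions for illustration; the divert socket handling itself is not shown.

```python
import struct

def build_query(name):
    """Constructed sample input: a minimal DNS query packet for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def query_labels(payload):
    """Lower-cased labels of the single question, or None if malformed."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:  # a response, or not exactly one question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(payload):  # >63 also covers pointers
            return None
        labels.append(payload[pos:pos + n].lower())
        pos += n
    if pos + 4 > len(payload):  # QTYPE and QCLASS must follow the name
        return None
    return labels

def allowed(payload, zone="whatever.com"):
    """True only when the queried name is the zone or a name below it."""
    labels = query_labels(payload)
    want = [p.encode() for p in zone.lower().split(".")]
    return labels is not None and labels[-len(want):] == want

if __name__ == "__main__":
    for name in ("whatever.com", "www.WhatEver.COM",
                 "whatever.com.example.org", "example.org"):
        pkt = build_query(name)
        raw = b"whatever\x03com" in pkt  # what a plain byte match sees
        print(f"{name:26} byte-match={raw!s:5} qname-check={allowed(pkt)}")
```

The two middle sample names are where the checks disagree: the case-sensitive byte match misses a mixed-case query for the zone and accepts a name in another zone that merely contains the pattern.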