Thank you Pedro for http://ftp.openbsd.org/pub/OpenBSD/5.8/packages/amd64/dnsfilter-0.4p0.tgz

I am not sure this is as good as it could be; according to the mail there is room for improvement. Worth a test, and it's better to improve than to add up yet another small program. I wonder how good the libdns is compared to others.

Best regards,

On Mon, Nov 9, 2015 at 6:38 PM, Pedro Caetano <pedrocaet...@binaryflows.com> wrote:
> Hi,
>
> I guess one could use pf's divert-to and dnsfilter.
>
> http://marc.info/?l=openbsd-misc&m=134187877220567&w=2
>
> Regards,
> Pedro Caetano
>
> On Mon, Nov 9, 2015 at 9:45 PM, sven falempin <sven.falem...@gmail.com>
> wrote:
>
>> For the first time ever I did something with iptables
>> that I don't know how to do (simply) with
>> pf.
>> Something I think is useful.
>>
>> I have a domain server, nsd, it serves whatever.com,
>> the server is like flooded with requests for no reason,
>>
>> with iptables I was able to add
>> <-m string --hex-string whatever|03|com>
>> in the <in> rules.
>>
>> So I only accept DNS requests that matter to me.
>>
>> Is there a way? (something simpler than diverting to a
>> sort of grep -v).
>>
>> Would it be a cool feature? Or because it's a protocol shall
>> it be done inside relayd?
>>
>> Best regards.

--
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\
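
The decision a divert-to filter would make for the question in this thread, as an added example (not code from dnsfilter, pf or either poster): it walks the DNS question name label by label and accepts only queries for the served zone, comparing case-insensitively and only on label boundaries. `query_in_zone`, the sample packet and the zone array are hypothetical names and constructed data; reading packets from a divert(4) socket and reinjecting them is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12
#define DNS_MAX_NAME 255

static uint8_t lower(uint8_t c) { return (c >= 'A' && c <= 'Z') ? (uint8_t)(c + 32) : c; }

/* Wire length of the name at pkt[off], root label included; 0 if malformed. */
static size_t qname_len(const uint8_t *pkt, size_t len, size_t off)
{
    size_t n = 0;
    for (;;) {
        if (off + n >= len) return 0;      /* ran off the end of the packet */
        uint8_t l = pkt[off + n];
        if (l & 0xC0) return 0;            /* compression pointer: reject in a question */
        n += 1u + l;
        if (n > DNS_MAX_NAME) return 0;
        if (l == 0) return n;
    }
}

/* 1 if pkt is a single-question query for `zone` (wire format) or a name
 * below it, else 0. Hypothetical helper, not part of pf or dnsfilter. */
int query_in_zone(const uint8_t *pkt, size_t len, const uint8_t *zone, size_t zlen)
{
    if (zlen == 0 || len < DNS_HDR_LEN) return 0;
    if (pkt[2] & 0x80) return 0;                 /* QR bit set: a response */
    if (pkt[4] != 0 || pkt[5] != 1) return 0;    /* QDCOUNT must be 1 */
    size_t n = qname_len(pkt, len, DNS_HDR_LEN);
    if (n < zlen || DNS_HDR_LEN + n + 4 > len) return 0;  /* need QTYPE + QCLASS too */
    const uint8_t *name = pkt + DNS_HDR_LEN;
    size_t p = 0;
    while (n - p > zlen) p += 1u + name[p];      /* hop label by label */
    if (n - p != zlen) return 0;                 /* suffix not on a label boundary */
    for (size_t i = 0; i < zlen; i++)
        if (lower(name[p + i]) != lower(zone[i])) return 0;
    return 1;
}

/* Constructed sample: query for www.WhatEver.com, type A, class IN. */
static const uint8_t sample_query[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 8,'W','h','a','t','E','v','e','r', 3,'c','o','m', 0,
    0,1, 0,1 };
static const uint8_t zone_whatever_com[] = { 8,'w','h','a','t','e','v','e','r', 3,'c','o','m', 0 };

int main(void)
{
    printf("%d\n", query_in_zone(sample_query, sizeof sample_query,
                                 zone_whatever_com, sizeof zone_whatever_com));
    return 0;
}
```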