2008/7/20 Mark Shroyer <[EMAIL PROTECTED]>:
>
> http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
>
> The configuration line in question:
>
> nat on $WAN_IF inet proto { tcp, udp } from a.b.c.d to any \
> port 53 -> a.b.c.d
>
> Or, if you have a dynamic IP address on a cable modem, etc.:
>
> nat on $WAN_IF inet proto { tcp, udp } from ($WAN_IF) to any \
> port 53 -> ($WAN_IF)
>

Hey I was trying this today... however I have bind on the OpenDNS router
that is doing nat itself, so do you know if that would work at all? My
OpenDNS router is connected directly to the internet.

--
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, like all disclaimers on the
net, there are no effective legal binding on your part and disclaimers
can be ignored. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/