Kevin Chadwick <m8il1i...@gmail.com> writes:

> I know rebound is not meant for this and see its benefits for clients
> and even maybe in front of unbound.
>
> However after noticing rebound and the undeadly thread I played with PF
> to see if I could enforce all DNS requests to have come from rebound.
>
> The best I have managed so far without syntax errors is along the
> lines of:
>
> block log quick proto udp from user !=_rebound
>
> which is sometimes not usable or doesn't quite achieve the goal?
>
> So is it possible to use something like:
>
> pass out on $ext_if from self user _rebound to $dns_srv port 53?

Something like

  pass out ... proto udp from any to any port 53 user = _rebound

same for tcp.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
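
The rules discussed in this thread, put together as a pf.conf fragment. This is an added example, not part of either message; the interface name and resolver address are constructed placeholders, and `$ext_if` and `$dns_srv` are the macro names from the question.

```pf
# Constructed values: adjust to the local setup.
ext_if  = "em0"          # assumed external interface
dns_srv = "192.0.2.53"   # placeholder upstream resolver (documentation range)

# Default for DNS leaving the machine: refuse and log it. Limiting the rule
# to $ext_if leaves loopback alone, so local clients can still reach rebound.
block return out log on $ext_if proto { tcp udp } to port 53

# Last matching rule wins: only sockets owned by _rebound may query upstream.
# The user filter goes after the addresses and ports, and covers udp and tcp.
# It applies only to sockets owned on this host; forwarded packets have no
# known user, so on a router they fall through to the block rule above.
pass out on $ext_if proto { tcp udp } from self to $dns_srv port 53 user _rebound
```

Parse the ruleset with `pfctl -nf /etc/pf.conf` before loading it, then watch `tcpdump -n -e -ttt -i pflog0` to see which local processes still try to resolve directly.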