DNS proxy for IPFilter

There seem to be a few DNS proxies out there, but all of them appear to be aimed at doing proxy+cache, with no easy way to control what is accepted or denied. Plus, none of them work with rdr rules in ipnat. And I got tired of bind being so big and hard to make work, and I didn't want to dabble with the other main alternative (there would be more work trying to get it architected right to do the transparent stuff, I'm sure).

So this was my weekend project. Oh, it does no caching (yet). There are man pages in the .tgz.

http://coombs.anu.edu.au/~avalon/dns-proxy.tgz

Configuration goes something like this:

port fred 192.168.1.1 5053 transparent;
forwarders { 2.2.2.1, 2.2.2.3; };
acl all port fred { block *.xxx;};
acl all port fred { allow .cnn.com; reject cnn.com; };

To be used with rules like:

rdr fxp0 0/0 port 53 -> 192.168.1.1 port 5053 udp
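As an added illustration (not code from the dns-proxy tarball), this is the per-query decision a transparent proxy of this kind has to make for every UDP packet the rdr rule hands it: pull the question name out of the query, walk the ACL in order, then forward, drop or answer REFUSED. The pattern semantics (glob for `*`, leading dot for "anything below", bare name for exact match) and the block/reject distinction are assumptions, since the post does not spell them out; the sample query bytes are constructed.

```python
import struct
from fnmatch import fnmatchcase

# ACL pattern semantics assumed here (the post does not define them):
#   "*.xxx" glob, ".cnn.com" every name strictly below cnn.com, "cnn.com" exact.
# Rules are checked in order, first match wins. Assumed actions: "allow"
# forwards to the forwarders, "block" drops silently, "reject" answers REFUSED.

def parse_qname(packet):
    """Return the first question name of an RFC 1035 query, lower-cased."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    labels, pos = [], 12
    while packet[pos]:
        length = packet[pos]
        if length & 0xC0:  # a compression pointer has no place in a query name
            raise ValueError("compressed QNAME in question section")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)

def acl_matches(pattern, name):
    if "*" in pattern:
        return fnmatchcase(name, pattern)
    if pattern.startswith("."):
        return name.endswith(pattern)
    return name == pattern

def evaluate_acl(rules, name):
    """rules: list of (action, pattern); names matching no rule are forwarded."""
    for action, pattern in rules:
        if acl_matches(pattern, name):
            return action
    return "allow"

def refused_response(query):
    """REFUSED reply: same ID and question section, QR=1, RD copied, RCODE=5."""
    ident, flags, qdcount = struct.unpack("!HHH", query[:6])
    flags = 0x8000 | (flags & 0x0100) | 0x0005
    return struct.pack("!HHHHHH", ident, flags, qdcount, 0, 0, 0) + query[12:]

def handle_query(rules, packet):
    """Return (action, reply); reply is bytes only when the action is 'reject'."""
    action = evaluate_acl(rules, parse_qname(packet))
    return action, refused_response(packet) if action == "reject" else None

# Constructed sample: query ID 0x1234, RD set, one question: www.cnn.com A IN
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x03www\x03cnn\x03com\x00\x00\x01\x00\x01")
RULES = [("block", "*.xxx"), ("allow", ".cnn.com"), ("reject", "cnn.com")]
```

Whatever the actual dns-proxy does with a rejected query, answering REFUSED rather than dropping is what keeps clients behind the rdr rule from retrying until their resolver times out.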

Also, separate to this, there will be a dns proxy in IPfilter 5 that allows similar things to be done. That can be used on the outbound side of a firewall hosting named, with map rules :)

Darren

Comments:

Where can we see a list of features to be in IPfilter 5? What about a blog entry dedicated to your future visions in IPfilter land?

Posted by Vladimir Kotal on June 10, 2007 at 05:15 PM PDT #

You definitely need to do something about that port name... ;) Fred

Posted by Fred Medlin on June 18, 2007 at 11:46 PM PDT #
