Re: [squid-users] Restricting listening "UDP DNS client port" to an interface/IP?

From: Martin Koniczek <martin@dont-contact.us>
Date: Wed, 6 Apr 2005 14:35:15 +0200

>> is it possible to restrict the DNS client port to a specific interface or
>> IP? netstat grep: udp 0 0 0.0.0.0:33076 0.0.0.0:* 3522/(squid)
>
> udp_outgoing_address.
>
> also used by ICP/HTCP however..

thx a lot - helps for my very isolated setup here.

but if i'd use ICP/HTCP as well, on other addresses/interfaces, i'd run into
trouble?

looks as if by default it's not easy to protect squid's nameresolving system
from spoofed packets, even if you run a dedicated nameserver to serve squid.
if i don't have a thinking error, it still needs a variable firewall rule
specifying incoming interface and current squid dns udp listen port - this
rule(s) could at least be fixed if one could manually specify the dns udp
listen port?
Received on Wed Apr 06 2005 - 06:35:34 MDT
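
The "variable firewall rule" described in the message above, sketched as an added example that is not part of the original post or of squid itself: it reads netstat output, finds squid's current UDP client port and prints (does not apply) matching iptables rules. The interface `eth1`, resolver address `192.0.2.53` and function names are assumptions; 3130 (ICP) and 4827 (HTCP) are squid's default listener ports and are skipped.

```shell
#!/bin/sh
# Added example: render (not apply) iptables rules for squid's current
# DNS client port. Input is `netstat -anup` style text as quoted in the post.

squid_dns_ports() {
    # stdin: netstat output; $1: space-separated ports to skip (ICP/HTCP).
    # stdout: local UDP ports owned by squid, one per line.
    awk -v skip="${1:-3130 4827}" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) omit[s[i]] = 1 }
        $1 == "udp" && $NF ~ /squid/ {
            port = $4; sub(/.*:/, "", port)       # keep only the port number
            if (port ~ /^[0-9]+$/ && !(port in omit)) print port
        }' | sort -un
}

render_rules() {
    # $1 = interface facing the resolver, $2 = resolver IP (both assumed).
    iface=$1
    resolver=$2
    squid_dns_ports | while read -r port; do
        # Accept replies only from the dedicated resolver on that interface,
        # then drop everything else aimed at the same port.
        echo "iptables -A INPUT -i $iface -p udp -s $resolver --sport 53 --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $port -j DROP"
    done
}

# Constructed sample: the line from the post plus an ICP listener and noise.
SAMPLE='udp 0 0 0.0.0.0:33076 0.0.0.0:* 3522/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 3522/(squid)
udp 0 0 0.0.0.0:123 0.0.0.0:* 801/ntpd'

printf '%s\n' "$SAMPLE" | render_rules eth1 192.0.2.53
```

Because the port is picked when squid starts, the rules have to be regenerated after every restart, which is the limitation the message points out.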