[Dnsmasq-discuss] Add IPs to BSD pf table from dnsmasq?

Chen Wei weichen302 at zoho.com
Mon Jan 1 11:31:49 GMT 2018


On Fri, Dec 22, 2017 at 09:17:08PM +0000, Andrew White wrote:
> I've used it for a while on freebsd without issue, configured as per
> dnsmasq man page syntax
> 

Thanks for the max-ttl tip. I have used it on pfSense (based on FreeBSD)
for several days now. No issue!


> I would add to docs the risk that this feature can lead to a growing table
> of IPs that never gets pruned or expired, that could lead to allowing more
> IP addrs within a Table over time than might be anticipated, i.e. you
> could end up that the hostname of the endpoint moves IP, but your firewall
> still allows traffic from the old IP; under some circumstances this is a
> significant risk. I use the max-ttl feature of dnsmasq with the pf Table
> expires feature to prune the table every 15 mins. YMMV as the client using
> this feature would need to support re-resolving IPs.
> 
> On Tue, Dec 19, 2017 at 1:38 AM, Chen Wei <weichen302 at zoho.com> wrote:
> 
> > On Mon, Dec 18, 2017 at 07:21:37PM +0000, Simon Kelley wrote:
> > > On 17/12/17 08:02, Chen Wei wrote:
> > > > is very fast. Is it possible to add the results of DNS lookup to pf
> > > > table from dnsmasq?
> > > >
> > > Yes, it is. pf tables are supported on BSD using the same --ipset
> > > dnsmasq configuration option. Looking, there's not explicit
> >

-- 
Chen Wei
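As a concrete illustration of the set-up discussed in this thread (dnsmasq --ipset feeding a pf table, with max-ttl plus periodic pf table expiry to keep stale addresses from lingering), here is an added example configuration. It is not taken from the thread, from the dnsmasq project or from pfSense. It assumes a plain FreeBSD host running pf and dnsmasq directly (pfSense generates its own pf.conf, so the rule section would be done in its GUI instead); the domain `example.com`, the table name `dns_allowed`, the file paths and the 900-second window are placeholders chosen for the example. The `max-cache-ttl` line rests on the assumption, stated in the comment, that dnsmasq only adds table entries when it processes an upstream reply, not when it answers from its cache.

```conf
# --- /usr/local/etc/dnsmasq.conf (added example; names are placeholders) ---
# Put every A/AAAA answer for example.com and its subdomains into the pf
# table named "dns_allowed". On BSD the --ipset option targets pf tables.
# The table must already exist in pf.conf.
ipset=/example.com/dns_allowed

# Cap the TTL handed to clients at 900 s so a client re-resolves within the
# 15-minute pruning window instead of holding a stale address.
max-ttl=900

# Assumption: entries are added when an upstream reply is processed, not on
# a cache hit, so cap the cache lifetime to the same window; otherwise a
# cached record could outlive the pf entry and be served without the table
# being re-populated.
max-cache-ttl=900

# --- /etc/pf.conf ---
# "persist" keeps the table alive even while it is empty or unreferenced.
table <dns_allowed> persist

# Default deny outbound; only addresses dnsmasq has resolved are allowed.
# Existing pf states survive table pruning, so only new connections need the
# address to be present again.
block out all
pass out quick to <dns_allowed>

# --- root crontab: prune table entries every 15 minutes ---
# "pfctl -T expire N" deletes addresses whose Cleared timestamp (set when the
# entry was added) is older than N seconds. dnsmasq re-adds an address the
# next time a client resolves the name, so the table only keeps what is
# still being looked up.
*/15 * * * * /sbin/pfctl -t dns_allowed -T expire 900
```

To check what the table currently holds and how old each entry is, `pfctl -t dns_allowed -T show -vv` prints the addresses with their Cleared timestamps; comparing that list against a fresh lookup of the name is the quickest way to confirm that moved hosts are actually being dropped from the table.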