I've done some experiments with DNS filtering by diald, as suggested by Mike Jagdis. I added the following vars to my diald's configuration:

# Define DNS query fields. (RFC 1035)
var udp.dns.header.id +8(16)&0xffff
var udp.dns.header.qr +9(31)&0x1
var udp.dns.header.opcode +9(27)&0xf
var udp.dns.header.aa +9(26)&0x1
var udp.dns.header.tc +9(25)&0x1
var udp.dns.header.rd +9(24)&0x1
var udp.dns.header.ra +9(23)&0x1
var udp.dns.header.rcode +9(16)&0xf
var udp.dns.header.qdcount +10(16)&0xffff
var udp.dns.header.ancount +11(16)&0xffff
var udp.dns.header.nscount +12(16)&0xffff
var udp.dns.header.arcount +13(16)&0xffff

(I have to add some similar lines for TCP DNS lookups.)

Experiments show that it seems to work, although I'm not very sure about this as it is very hard to test with only these header fields.

A problem, however, arises when I try to add more DNS protocol fields. These fields, including the QNAME field which holds the queries themselves, are strings, and as far as I know diald can't handle strings in its filter rules.

Mark [EMAIL PROTECTED] - Linux 2.2.10 on an i686/160MB
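The following is an added example, not part of the original post and not diald code: a Python sketch that decodes the RFC 1035 header fields named above from a UDP payload and then walks the QNAME, showing that the header is fixed-offset shift-and-mask data while the QNAME is a run of length-prefixed labels with no fixed position or size. The function names are hypothetical and the sample query is constructed.

```python
import struct

def build_query(qid, name, rd=1):
    """Constructed sample input: a minimal DNS query (UDP payload only)."""
    header = struct.pack("!HHHHHH", qid, rd << 8, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Fixed 12-byte header: every field is a shift and mask at a known offset."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": (flags >> 15) & 0x1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 0x1,
        "tc": (flags >> 9) & 0x1,
        "rd": (flags >> 8) & 0x1,
        "ra": (flags >> 7) & 0x1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def parse_qname(msg, off=12):
    """Variable-length QNAME: length-prefixed labels ended by a zero byte.

    Returns (name, offset just past the QNAME). Compression pointers and
    reserved label types are rejected in this example rather than followed.
    """
    labels, total = [], 0
    while True:
        if off >= len(msg):
            raise ValueError("QNAME runs past end of message")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0:
            raise ValueError("pointer or reserved label type in QNAME")
        total += n + 1
        if total > 254 or off + n > len(msg):  # 255-octet name limit, bounds check
            raise ValueError("label exceeds name limit or message length")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n
```

The offset returned by parse_qname is where QTYPE and QCLASS begin, which is why those fields cannot be addressed with a constant offset either.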
