Would this be a good DNS ruleset? Assuming I put my DNS servers in the DNS_Servers address list. Well, and assuming I enable them...
add action=accept chain=forward disabled=no dst-address-list=DNS_Servers dst-port=53 protocol=tcp
add action=reject chain=forward disabled=yes dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS_Servers
add action=reject chain=input disabled=yes dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS_Servers
add action=tarpit chain=forward disabled=yes dst-port=53 protocol=tcp src-address-list=!DNS_Servers
add action=tarpit chain=input disabled=yes dst-port=53 protocol=tcp src-address-list=!DNS_Servers

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
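
An added example, not part of the original post and not RouterOS code: a simplified first-match model of the five filter rules above, run against constructed sample packets to show which action each packet would hit. The contents of DNS_SERVERS, the sample addresses and the helper names are assumptions, and the model assumes a packet that matches no rule in its chain is accepted.

```python
# Simplified model of filter-rule evaluation: rules are checked top to bottom,
# only rules in the packet's chain can match, and the first match decides.
DNS_SERVERS = {"192.0.2.53", "192.0.2.54"}  # constructed contents of DNS_Servers
LISTS = {"DNS_Servers": DNS_SERVERS}

RULES_TEXT = """\
add action=accept chain=forward disabled=no dst-address-list=DNS_Servers dst-port=53 protocol=tcp
add action=reject chain=forward disabled=yes dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS_Servers
add action=reject chain=input disabled=yes dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS_Servers
add action=tarpit chain=forward disabled=yes dst-port=53 protocol=tcp src-address-list=!DNS_Servers
add action=tarpit chain=input disabled=yes dst-port=53 protocol=tcp src-address-list=!DNS_Servers
"""

def parse_rule(line):
    # "add key=value key=value ..." -> {"key": "value", ...}
    return dict(tok.split("=", 1) for tok in line.split()[1:])

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]

def in_list(spec, addr):
    # A leading "!" inverts the address-list match.
    hit = addr in LISTS[spec.lstrip("!")]
    return hit != spec.startswith("!")

def matches(rule, p):
    if rule["chain"] != p["chain"] or rule["protocol"] != p["protocol"]:
        return False
    if rule["dst-port"] != str(p["dport"]):
        return False
    if "src-address-list" in rule and not in_list(rule["src-address-list"], p["src"]):
        return False
    if "dst-address-list" in rule and not in_list(rule["dst-address-list"], p["dst"]):
        return False
    return True

def evaluate(p, honor_disabled=True):
    # honor_disabled=False models the ruleset with every rule enabled.
    for rule in RULES:
        if honor_disabled and rule["disabled"] == "yes":
            continue
        if matches(rule, p):
            return rule["action"]
    return "accept"  # assumption: no matching rule means the packet is accepted

def pkt(chain, protocol, src, dst, dport=53):
    return {"chain": chain, "protocol": protocol, "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    client, dns, other, router = "198.51.100.10", "192.0.2.53", "203.0.113.1", "192.0.2.1"
    for p in [pkt("forward", "tcp", client, dns), pkt("forward", "udp", client, dns),
              pkt("forward", "udp", dns, other), pkt("input", "tcp", client, router)]:
        print(p, "->", evaluate(p, honor_disabled=False))
```
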

