Then you definitely don't want to block that =) -- Подпись: (добавляется в конце всех исходящих писем)
2014-08-06 20:01 GMT+03:00 Mike Hammett <[email protected]>: > The router itself is still answering DNS for some devices. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > ----- Original Message ----- > > From: "Chupaka" <[email protected]> > To: "Mikrotik discussions" <[email protected]> > Sent: Wednesday, August 6, 2014 11:56:06 AM > Subject: Re: [Mikrotik] DNS Firewall > > Why do you need to block it in input chain? Forward is quite enough. > > -- > Подпись: > (добавляется в конце всех исходящих писем) > > > 2014-08-06 18:32 GMT+03:00 Mike Hammett <[email protected]>: > > > Would this be a good DNS ruleset? Assuming I put my DNS servers in the > > DNS_Servers address list. Well, and assuming I enable them... > > > > add action=accept chain=forward disabled=no dst-address-list=DNS_Servers > > dst-port=53 protocol=tcp > > add action=reject chain=forward disabled=yes dst-port=53 protocol=udp > > reject-with=icmp-network-unreachable src-address-list=!DNS_Servers > > add action=reject chain=input disabled=yes dst-port=53 protocol=udp > > reject-with=icmp-network-unreachable src-address-list=!DNS_Servers > > add action=tarpit chain=forward disabled=yes dst-port=53 protocol=tcp > > src-address-list=!DNS_Servers > > add action=tarpit chain=input disabled=yes dst-port=53 protocol=tcp > > src-address-list=!DNS_Servers > > > > > > > > > > ----- > > Mike Hammett > > Intelligent Computing Solutions > > http://www.ics-il.com > > > > > > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140806/fd0101dc/attachment.html > > > > > _______________________________________________ > > Mikrotik mailing list > > [email protected] > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > RouterOS > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140806/d3b3ec39/attachment.html > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140806/2bc6cdf8/attachment.html > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140806/5186c8ad/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
