From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] unbound: Update to 1.9.0
Date: Tue, 26 Feb 2019 09:54:00 +0000
Message-ID: <389F1C8C-1ADE-48AE-91FD-A622C832EDEF@ipfire.org>

Hi,

I have just merged this patch into next for c129.

-Michael

> On 15 Feb 2019, at 16:48, Matthias Fischer wrote:
>
> On 15.02.2019 12:34, Michael Tremer wrote:
>> On 14 Feb 2019, at 17:26, Matthias Fischer wrote:
>>>
>>> Hi Michael,
>>>
>>> On 14.02.2019 12:01, Michael Tremer wrote:
>>>>>> I did *not* merge this one, yet.
>>>>> No problem - I'm in touch with Erik trying to help testing TFO and DoT.
>>>> Please don’t forget to share what you are doing on this list
>>>
>>> Of course. ;-)
>>>
>>> So far, I got the same results as Erik. But my test environment is not
>>> as extensive as his.
>>>
>>> One important result for me: the iptables rules to prevent dns hijacking
>>> are still working.
>>
>> The ones for the captive portal? Or did you have any custom rules?
>
> I use custom rules in 'firewall.local'
> (Inspired by https://blog.ipfire.org/post/use-ipfire-to-protect-you-from-dnschanger):
>
> ***SNIP***
> /sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp --dport 53 -j DNAT --to 192.168.100.254:53
>
> /sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp --dport 53 -j DNAT --to 192.168.100.254:53
>
> /sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp --dport 53 -j DNAT --to 192.168.101.254:53
>
> /sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp --dport 53 -j DNAT --to 192.168.101.254:53
> ***SNAP***
>
> I'm still testing under various conditions.
>
> Best,
> Matthias