Nils Frohberg
2016-02-03 14:03:20 UTC
The FAQ explains how to set up dnscrypt-proxy (from ports) in
conjunction with unbound and pf in order to prevent information
leakage. The sample pf rule is currently broken, since the "log"
and "in" keywords are switched.
Index: faq/pf/example1.html
===================================================================
RCS file: /cvs/www/faq/pf/example1.html,v
retrieving revision 1.67
diff -u -r1.67 example1.html
--- faq/pf/example1.html 24 Jan 2016 18:47:17 -0000 1.67
+++ faq/pf/example1.html 3 Feb 2016 11:46:35 -0000
@@ -366,7 +366,7 @@
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf">pf.conf(5)</a>
rule may be used as an additional safety belt:
<blockquote><pre>
-block return log in on $int_if inet proto { tcp udp } from any to ! 192.168.1.1 port 53
+block return in log on $int_if inet proto { tcp udp } from any to ! 192.168.1.1 port 53
</pre></blockquote>
<p>
As configured in a previous section, our DHCP server will give users a default
conjunction with unbound and pf in order to prevent information
leakage. The sample pf rule is currently broken, since the "log"
and "in" keywords are switched.
Index: faq/pf/example1.html
===================================================================
RCS file: /cvs/www/faq/pf/example1.html,v
retrieving revision 1.67
diff -u -r1.67 example1.html
--- faq/pf/example1.html 24 Jan 2016 18:47:17 -0000 1.67
+++ faq/pf/example1.html 3 Feb 2016 11:46:35 -0000
@@ -366,7 +366,7 @@
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf">pf.conf(5)</a>
rule may be used as an additional safety belt:
<blockquote><pre>
-block return log in on $int_if inet proto { tcp udp } from any to ! 192.168.1.1 port 53
+block return in log on $int_if inet proto { tcp udp } from any to ! 192.168.1.1 port 53
</pre></blockquote>
<p>
As configured in a previous section, our DHCP server will give users a default