is it possible to restrict the DNS client port to a specific interface or IP? netstat grep:
udp 0 0 0.0.0.0:33076 0.0.0.0:* 3522/(squid)
udp_outgoing_address.
also used by ICP/HTCP however..
thx a lot - helps for my very isolated setup here.
but if i'd use ICP/HTCP as well, on other addresses/interfaces, i'd run into trouble?
looks as if by default it's not easy to protect squid's name-resolving system from spoofed packets, even if you run a dedicated nameserver to serve squid. if i don't have a thinking error, it still needs a variable firewall rule specifying incoming interface and current squid dns udp listen port - this rule(s) could at least be fixed if one could manually specify the dns udp listen port?
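The "variable firewall rule" from the last message, as an added example that is not part of the thread: it reads netstat output, picks out squid's UDP client port, and prints iptables rules that accept replies only from one resolver on one interface. Assumptions: interface eth1, resolver 192.0.2.53, ICP/HTCP on ports 3130/4827 (skipped), and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: derive firewall rules from squid's current UDP sockets.
# Assumed values (not from the thread): eth1, 192.0.2.53, skip ports 3130/4827.

# Sample `netstat -anup` text. Line 1 is from the thread; lines 2-3 are constructed.
SAMPLE='udp 0 0 0.0.0.0:33076 0.0.0.0:* 3522/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 3522/(squid)
udp 0 0 0.0.0.0:53 0.0.0.0:* 811/named'

# Read netstat text on stdin; print local UDP ports owned by squid,
# leaving out the ICP/HTCP ports listed in SKIP_PORTS.
squid_dns_ports() {
    awk -v skip="${SKIP_PORTS:-3130 4827}" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) known[s[i]] = 1 }
        $1 ~ /^udp/ && $NF ~ /\(squid\)$/ {
            port = $4
            sub(/.*:/, "", port)          # keep only the part after the last colon
            if (port ~ /^[0-9]+$/ && !(port in known)) print port
        }'
}

# $1 = incoming interface, $2 = resolver IP; netstat text on stdin.
# For each port: accept replies from the resolver, then drop all other UDP to it.
dns_reply_rules() {
    squid_dns_ports | while read -r port; do
        printf 'iptables -A INPUT -i %s -p udp -s %s --sport 53 --dport %s -j ACCEPT\n' \
            "$1" "$2" "$port"
        printf 'iptables -A INPUT -p udp --dport %s -j DROP\n' "$port"
    done
}

# Demo on the embedded sample; on a live host use:
#   netstat -anup | dns_reply_rules eth1 192.0.2.53
printf '%s\n' "$SAMPLE" | dns_reply_rules eth1 192.0.2.53
```

The rules are only printed, not applied, and they have to be regenerated whenever the port shown by netstat changes.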