From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com
	[IPv6:2607:f8b0:4003:c01::22e])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id D341921F1CB
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 25 Nov 2014 10:36:41 -0800 (PST)
Received: by mail-ob0-f174.google.com with SMTP id m8so915180obr.5
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 25 Nov 2014 10:36:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	bh=yOPjMtABHXD8MMI2K/ToK19RbD9UiJNY7HrgrqoPyVY=;
	b=EDZw+8b9mj5WxG9BFrAjJULdb8ENBI3ky4TCGmzkdlae56dr7DsYFTqSBUPKwUndMn
	QmAwVJeRwJ2nQgI/qSdo9WCsorzPIpeuogNZA69tdNnrk9Jveg0a6OegnVtXVXGKLXc/
	hKgME7/mXFLDoPZjKz5YeUIO/D5Z0s3cMaUSK4OiCTq+SPP5iz4kI4ibiAr3XoyCS4rr
	JYW1gKx51JV22YAYjij8xqtYBIUYHmK0B4EyooCn1+AP2V8c9+qMkovc/3Lxv+kmIkOY
	lX7afrocJKlaqWK+0ysaPsGKT3t+MbBbZmdoM7o/hujhObqEo3guU140l+t+62KU0n2L
	kbNg==
MIME-Version: 1.0
X-Received: by 10.202.171.85 with SMTP id u82mr16524023oie.24.1416940600535;
	Tue, 25 Nov 2014 10:36:40 -0800 (PST)
Received: by 10.202.227.211 with HTTP; Tue, 25 Nov 2014 10:36:40 -0800 (PST)
In-Reply-To: <1316.1416939941@sandelman.ca>
References: <1316.1416939941@sandelman.ca>
Date: Tue, 25 Nov 2014 10:36:40 -0800
Message-ID: <CAA93jw6mMxecacyUtTaPvcRnUfNFZePGZNbrDtu77HMLegJyYg@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: Michael Richardson <mcr@sandelman.ca>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] open recursive DNS server
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2014 18:37:10 -0000

hmm. you should still have been firewalled off. Is it really
responding to dns queries from the
outside world?

Add to /etc/config/dhcp

 list notinterface 'yourotherinterface'

there are other ways.

On Tue, Nov 25, 2014 at 10:25 AM, Michael Richardson <mcr@sandelman.ca> wro=
te:
>
> I noticed that I'm being used as an open recursive relay.
> I see:
>
> except-interface=3Dge00
>
> in the generated /var/etc/dnsmasq.conf, but that's wrong.  It should exce=
pt
> pppoe-storm from service!
>
> Can I fix this somewhere in /etc/config?  Can I just put in a CIDR?
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh netwo=
rks [
> ]   Michael Richardson, Sandelman Software Works        | network archite=
ct  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails=
    [
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



--=20
Dave T=C3=A4ht

thttp://www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks