From 111ed295ead15226f0601a37c930ad52992056a5 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 16 Jul 2007 13:41:24 +0000 Subject: added $DropMsgsWithMaliciousDnsPTRRecords option --- doc/rsyslog_conf.html | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 262738a0..2171ec40 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -132,6 +132,15 @@ most

Numbers are always in decimal. Leading zeros should be avoided (in some later version, they may be mis-interpreted as being octal). Multiple directives may be given. They are applied to selector lines based on order of appearance.

+

DropMsgsWithMaliciousDnsPTRRecords

+

Rsyslog contains code to detect malicious DNS PTR records (reverse name +resolution). An attacker might use specially-crafted DNS entries to make you +think that a message might have originated on another IP address. Rsyslog can +detect those cases. It will log an error message in any case. It this option +here is set to "on", the malicious message will be completely dropped from your +logs. If the option is set to "off", the message will be logged, but the +original IP will be used instead of the DNS name.

+

$DropMsgsWithMaliciousDnsPTRRecords on

Templates

Templates are a key feature of rsyslog. They allow to specify any format a user might want. They are also used for dynamic file name generation. Every output in rsyslog uses templates - this holds true for files, -- cgit
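Review bot: the added paragraph under DropMsgsWithMaliciousDnsPTRRecords has a typo in the sentence beginning "It this option here is set to "on"", which should read "If this option is set to "on"". The paragraph also never states the directive's default, so a reader cannot tell whether affected messages are dropped or kept when the line is absent from the configuration. Suggest stating the default next to the "$DropMsgsWithMaliciousDnsPTRRecords on" example, and adding a sentence on what makes a PTR record count as malicious, since "specially-crafted DNS entries" does not say what the check matches. It is also worth saying explicitly that with "on" the only remaining trace of the event is the error message that is logged "in any case", so operators know what they keep for later investigation.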