On Fri, Dec 16, 2011 at 12:15:32PM -0800, SM <sm at resistor.net> wrote a message of 15 lines which said: > You could block all off-net traffic from non-authenticated clients. Won't work (think about how DNS works).