Maintained by: NLnet Labs

[Unbound-users] Unbound Logging

Xavier Belanger
Thu Feb 2 01:48:38 CET 2012


Hi,

> On BSD I'd say use a pf rule to block the IP for a time period if X 
> many concurrent states to port 53. Is something like that possible with 
> iptables on Linux?

Like a rate-limit for incoming connections? Yes, it's possible:

iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS -j DROP
iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNS -j ACCEPT

The first rule block every tentative above 10 each minute, but it's a quick'n dirty
example, it's possible to have something better.

 [ http://www.debian-administration.org/articles/187 ]

Bye.
-- 
Xavier Belanger