[Unbound-users] Unbound Logging
nlnetlabs at belanger.fr
Thu Feb 2 00:48:38 UTC 2012
> On BSD I'd say use a pf rule to block the IP for a time period if X
> many concurrent states to port 53. Is something like that possible with
> iptables on Linux?
Like a rate-limit for incoming connections? Yes, it's possible:
iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS -j DROP
iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNS -j ACCEPT
The first rule blocks every attempt above 10 per minute, but it's a quick'n'dirty
example; it's possible to have something better.
[ http://www.debian-administration.org/articles/187 ]