~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Rate limiting for incoming DNS queries over UDP.
[firewall] / bookends.m4
diff --git a/bookends.m4 b/bookends.m4
index 807e8d9..699a966 100644 (file)
--- a/bookends.m4
+++ b/bookends.m4
@@ -177,6 +177,10 @@ errorchain bad-source-address DROP
 ## Packet arrived on wrong interface for its source address.  Drops the
 ## packet, since there's nowhere sensible to send an error.
 
+errorchain dns-rate-limit DROP
+## Dropped incoming DNS query due to rate limiting.  The source address is
+## suspicious, so don't produce ICMP.
+
 errorchain bad-destination-address REJECT
 ## Packet arrived on non-loopback interface with loopback destination.
 
Firewall scripts for distorted.org.uk.