Rate limiting for incoming DNS queries over UDP.

[firewall] / radius.m4

diff --git a/radius.m4 b/radius.m4
index ecf64b7..180b8ac 100644 (file)
--- a/radius.m4
+++ b/radius.m4
@@ -28,19 +28,10 @@ m4_divert(86)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
        ident \
-       dns iodine \
        ssh
 allowservices inbound udp \
-       dns iodine \
        tripe
 
-## Provide DNS resolution to local untrusted hosts.
-for p in tcp udp; do
-  run iptables -A inbound -j ACCEPT \
-         -s 172.29.198.0/24 \
-         -p $p --destination-port $port_dns
-done
-
 ## Provide syslog for evolution.
 run iptables -A inbound -j ACCEPT \
        -s 172.29.198.2 \
@@ -48,6 +39,7 @@ run iptables -A inbound -j ACCEPT \
 
 ## Other interesting things.
 dnsresolver inbound
+dnsserver inbound
 
 ## IPv6 6-in-4 tunnel.
 run iptables -A inbound -j ACCEPT \