X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/51988d089b81f995878ae55853f9f92e0beeb7f3..78aaac07301dc78e7676a18be5f23f44f6a4ffe7:/bookends.m4

diff --git a/bookends.m4 b/bookends.m4
index 807e8d9..699a966 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -177,6 +177,10 @@ errorchain bad-source-address DROP
 ## Packet arrived on wrong interface for its source address.  Drops the
 ## packet, since there's nowhere sensible to send an error.
 
+errorchain dns-rate-limit DROP
+## Dropped incoming DNS query due to rate limiting.  The source address is
+## suspicious, so don't produce ICMP.
+
 errorchain bad-destination-address REJECT
 ## Packet arrived on non-loopback interface with loopback destination.