###--------------------------------------------------------------------------
### vampire-specific rules.
+m4_divert(35)m4_dnl
+errorchain ddos-evil-dns DROP
+## Invalid DNS request with probably-forged sender address, with intent to
+## cause DDOS.
+
m4_divert(82)m4_dnl
## Repelling evil DDos attack.
run ipset -N ddos-evil-dns iphash 2>/dev/null || :
-run iptables -A inbound -j DROP \
+run iptables -A inbound -g ddos-evil-dns \
-m set --set ddos-evil-dns src \
-p udp --destination-port $port_dns
~mdw / firewall / commitdiff