From 95c2688ea32b6bf256788c788a71024392817295 Mon Sep 17 00:00:00 2001
From: bbruns
Date: Tue, 24 Aug 2010 01:46:31 +0000
Subject: [PATCH] More new options
---
 include/functions | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/functions b/include/functions
index fbf0466..fbfda40 100644
--- a/include/functions
+++ b/include/functions
@@ -127,8 +127,10 @@ function apply_ipv4_hack {
 while [ $# -gt 0 ]; do
 case "$1" in
 NS-IN-DDOS)
+ # NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
+ # http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
 display_c PURPLE " ./NS/IN-DDOS-FIX"
- $IPTABLES -A INPUT -j DROP -p udp --dport domain -m u32 --u32 \
+ $IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 \
 "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
 ;;
 esac
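Review bot: The comment added above the NS-IN-DDOS rule explains the u32 match only through an external link, so a reader cannot tell what is being dropped if that page disappears. I would spell the match out next to the rule, e.g. `# u32: skip the IP header, then match QDCOUNT=1, QNAME=root (empty label), QTYPE=NS (2), QCLASS=IN (1)`. Because that matches every UDP query for `. NS IN`, legitimate root priming queries are dropped too, which is worth stating so the option is only enabled on hosts that should not answer them. The rule is appended with `-A INPUT`, so it only takes effect if no earlier rule already accepts udp/53; whether that holds depends on code outside this hunk, as does the rest of apply_ipv4_hack.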