[conspire] iptables filtering responses from DNS servers

Daniel Gimpelevich daniel at gimpelevich.san-francisco.ca.us
Sat Jun 10 04:37:37 PDT 2006


Among my current iptables rules are the following:

iptables -t filter -X DOS
iptables -t filter -N DOS
iptables -A INPUT -p tcp --syn -j DOS
iptables -A INPUT -p udp -j DOS
iptables -A INPUT -p icmp --icmp-type echo-request -j DOS
iptables -A DOS -i ! nas0 -j RETURN
iptables -A DOS -m psd -j SCAN
iptables -A DOS -p tcp --syn -m limit --limit 5/s --limit-burst 10 -j RETURN
iptables -A DOS -p udp -m limit --limit 5/s --limit-burst 10 -j RETURN
iptables -A DOS -p icmp --icmp-type echo-request -m limit --limit 5/s --limit-burst 60 -j RETURN
iptables -A DOS -m limit --limit 10/s -j LOG --log-level 4 --log-prefix "[DOS] "
iptables -A DOS -j DROP

I'm quite a novice when it comes to iptables, so I obviously haven't fully
made sense of the above (nor any sense at this hour). On an intermittent
basis, these rules randomly, but consistently, filter out ordinary
responses from my ISP's DNS servers to queries made to them. I'm posting
this in the hopes of sparking a discussion of the specifics of what's
really happening for the edification of myself and others.

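The rate limiter in the DOS chain is a token bucket, and every UDP datagram that reaches INPUT, including replies to the host's own DNS queries, is charged against it. The following added example (not code from the post) models that bucket and the INPUT/DOS walk for UDP, and contrasts it with an assumed conntrack ACCEPT rule placed ahead of `-j DOS`, which is a common way to keep solicited replies out of the limiter; the arrival times are constructed.

```python
# Added example (not from the post): a token-bucket model of the iptables
# "limit" match, showing why "-p udp -m limit --limit 5/s --limit-burst 10
# -j RETURN" followed by "-j DROP" discards DNS replies during a burst of
# lookups, and how an assumed conntrack rule ahead of "-j DOS" avoids that.

RATE = 5.0   # --limit 5/s      : tokens added per second
BURST = 10   # --limit-burst 10 : bucket capacity and initial fill

def limit_match(arrivals, rate=RATE, burst=BURST):
    """Token bucket as used by -m limit. One bool per packet arrival time:
    True = matched (its -j RETURN fires), False = no match (falls through)."""
    tokens, last, verdicts = float(burst), (arrivals[0] if arrivals else 0.0), []
    for t in arrivals:
        tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts

def input_chain(packets, stateful=False):
    """Walk UDP packets through the posted INPUT -> DOS logic.
    packets: (arrival_time, solicited) pairs; solicited=True means the datagram
    answers a query this host sent (what conntrack marks ESTABLISHED).
    stateful=True assumes an extra rule inserted before "-j DOS" (assumed fix):
        iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    Returns per-packet 'ACCEPT', 'RETURN' (passed the limiter) or 'DROP'."""
    verdicts = [None] * len(packets)
    to_limit = []  # (index, time) of packets that really enter the DOS chain
    for i, (t, solicited) in enumerate(packets):
        if stateful and solicited:
            verdicts[i] = "ACCEPT"
        else:
            to_limit.append((i, t))
    for (i, _), ok in zip(to_limit, limit_match([t for _, t in to_limit])):
        verdicts[i] = "RETURN" if ok else "DROP"
    return verdicts

# Constructed sample: 20 replies to our own queries, 5 ms apart (a page load
# resolving many names). The bucket holds 10 and refills only 0.5 in 0.1 s.
SAMPLE = [(0.005 * i, True) for i in range(20)]

if __name__ == "__main__":
    print("without conntrack:", input_chain(SAMPLE).count("DROP"), "dropped")
    print("with conntrack:   ", input_chain(SAMPLE, True).count("DROP"), "dropped")
```

With the posted rules the second half of the burst is dropped; with the stateful rule in front of `-j DOS` only unsolicited UDP is still subject to the limiter.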

