>  Has anybody out there seen the following, hits on port 53?

Yep, this is a well known problem (see archives, when they work...).  Change
ipfilter_firewall_cfg in ipfilter.conf with these extra lines (#New Port 53
filter start/end):

ipfilter_firewall_cfg () {
    local ADDR
    local DEST
    local NET
    local SERVICE

    #
    # set default policies
    #
    # ONLY DENY FORWARDING ETC IF YOU KNOW WHAT YOU ARE DOING!  If
    # you turn off the filters, the box will become opaque to any traffic!
    #
    ipfilter_policy DENY

    # Clear any garbage rules out of the filters
    ipfilter_flush

    # New Port 53 filter start
    # One DENY rule per address listed in /etc/dns_floods (one IP per line)
    IP_LIST="`cat /etc/dns_floods`"
    for IP in $IP_LIST; do
        $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i $EXTERN_IF
    done; unset IP
    # New Port 53 filter end

    # Set up Fair Queueing classifier lists
    ipfilter_fairq

    #
    # Set up port forwards for internal services
    #
    <snip etc.>

Now create a dns_floods file in your /etc directory with all of the hosts
you receive port 53 spewage from.  Here's my current list:

128.121.10.90
128.242.105.34
129.250.244.10
194.205.125.26
194.213.64.150
202.139.133.129
203.194.166.182
203.208.128.70
207.55.138.206
207.68.131.17
212.78.160.237
216.220.39.42
216.33.35.214
216.34.68.2
216.35.167.58
62.23.80.2
62.26.119.34
64.14.200.154
64.37.200.46
64.56.174.186
64.78.235.14

Now do:
svi network ipfilter flush
svi network ipfilter reload

Make sure you back up your changes (/etc).

Paul Rimmer,
Calgary, Alberta, Canada
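
Editor's note: the loop above feeds every whitespace-separated token of /etc/dns_floods straight to ipchains, so a comment, a typo or a trailing note in that file aborts rule loading part-way through and leaves the firewall with only some of the blocks in place. The following added example (not from the post or from LEAF itself) reads the same one-address-per-line file, skips blank and '#' lines, validates each entry as a dotted-quad IPv4 address, and prints the equivalent ipchains DENY rules so they can be reviewed before being piped into sh on the firewall. The interface and external address are passed in explicitly instead of relying on LEAF's EXTERN_IF/EXTERN_IP/IPCH variables; the protocol defaults to tcp to match the rule above.

```shell
#!/bin/sh
# Added example, not code from the original post: generate reviewable
# ipchains DENY rules from a blocklist file, one address per line.

# is_ipv4 ADDR: return 0 if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, empty octets
    esac
    # split on dots in a subshell so the caller's IFS is untouched
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for _octet in "$@"; do
            [ "$_octet" -le 255 ] || exit 1
        done
        exit 0
    )
}

# build_dns_block_rules BLOCKLIST EXTERN_IF EXTERN_IP [PROTO]
# Print one "ipchains -I input -j DENY ..." line per valid address in
# BLOCKLIST (assumed format: one IPv4 address per line, '#' comments allowed).
# Malformed lines are reported on stderr and skipped rather than aborting.
# Usage: build_dns_block_rules /etc/dns_floods eth0 192.0.2.1 | sh
build_dns_block_rules() {
    _list=$1; _if=$2; _ext=$3; _proto=${4:-tcp}
    _lineno=0
    # "|| [ -n ... ]" keeps a last line that has no trailing newline
    while IFS= read -r _raw || [ -n "$_raw" ]; do
        _lineno=$((_lineno + 1))
        _addr=${_raw%%#*}                                   # drop comments
        _addr=$(printf '%s' "$_addr" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$_addr" ] && continue                         # blank line
        if is_ipv4 "$_addr"; then
            printf 'ipchains -I input -j DENY -p %s -s %s/32 -d %s/32 53 -i %s\n' \
                "$_proto" "$_addr" "$_ext" "$_if"
        else
            printf '%s line %d: not an IPv4 address, skipped: %s\n' \
                "$_list" "$_lineno" "$_addr" >&2
        fi
    done < "$_list"
}
```

Because the rules are printed rather than executed, the output can be checked with a plain read-through (or diffed against the previous run) before anything touches the live chains. Note that the original rule, and therefore the default here, matches only TCP; DNS traffic is carried mainly over UDP, so if the port 53 hits in your logs are UDP, pass udp as the fourth argument to get matching rules.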


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
