Re: How to block only MX query made to DNS server


 




Don't forget that this rule will block ANY type of resolution for domains that contain MX in their names, just like 'flashmx.com' for example.


I think you should get some tcpdumps and get the exact HEX dump of the MX query type and use it with --string --hex-string instead of using simple string rules.


Sincerely, Leonardo Rodrigues

----- Original Message ----- From: <hclfm@xxxxxxxxxxxx>
To: "pravin rane" <pgr_80@xxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, November 30, 2004 7:36 AM
Subject: RE: How to block only MX query made to DNS server




I tried to run following command

# iptables -t filter -A INPUT -p udp --dport 53 -m string --string "MX" -j DROP

But I am getting Error like

iptables v1.2.8: Couldn't load match
`string':/lib/iptables/libipt_string.so: cannot open
shared object file: No such file or directory

:-( Do I need to upgrade my iptables RPM?

Yes. Or rebuild the kernel with string module support and compile the iptables userspace again if necessary. Sorry for top posting in my previous reply.
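To make Leonardo's point concrete, here is an added example (not from the thread or from the netfilter project) that builds DNS query packets in wire format and compares three checks: the byte-substring search that `--string "MX"` performs, the search for the QTYPE/QCLASS bytes that `--hex-string "|00 0f 00 01|"` would perform, and a proper parse of the question section. The packets, names and transaction ID are constructed sample values.

```python
import struct

# Constructed sample values: RFC 1035 type/class codes used below.
MX, A, IN = 15, 1, 1

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query (header + one question) as a resolver would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, IN)

def parse_question(pkt: bytes):
    """Return (qname, qtype, qclass) of the first question, or None if malformed."""
    if len(pkt) < 12 or struct.unpack("!H", pkt[4:6])[0] != 1:
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(pkt):
            return None
        ln = pkt[pos]
        if ln == 0:            # root label terminates the name
            pos += 1
            break
        if ln & 0xC0:          # compression pointers are not valid in a question name
            return None
        labels.append(pkt[pos + 1:pos + 1 + ln].decode("ascii", "replace"))
        pos += 1 + ln
    if pos + 4 > len(pkt):
        return None
    qtype, qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def naive_string_match(pkt: bytes) -> bool:
    """What `-m string --string "MX"` does: search for the ASCII bytes anywhere in the payload."""
    return b"MX" in pkt

# `--hex-string "|00 0f 00 01|"`: QTYPE=MX (0x000f) immediately followed by QCLASS=IN (0x0001).
MX_IN_HEX = bytes.fromhex("000f0001")

def hex_string_match(pkt: bytes) -> bool:
    """Still a substring search, but for the type/class bytes rather than a name fragment."""
    return MX_IN_HEX in pkt

def is_mx_query(pkt: bytes) -> bool:
    """Structured check: parse the question and test its type, unaffected by the name's text."""
    q = parse_question(pkt)
    return q is not None and q[1] == MX and q[2] == IN
```

DNS names are case-insensitive on the wire, so a resolver may send "flashmx" or "FLASHMX"; the plain `--string "MX"` rule catches only the upper-case spelling, and catches it regardless of the query type, whereas the hex pattern keys on the bytes that actually encode the record type.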


