> # iptables -t filter -A INPUT -p udp --dport 53 -m string --string "MX" -j DROP

This will not work. See http://www.faqs.org/rfcs/rfc1035.html chapter 4.1.3 (for a complete understanding, see the whole of 4.x), and for the MX type number see http://www.iana.org/assignments/dns-parameters
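
The point of the reply above, as an added example that is not part of the original message: on the wire the query type is a 16-bit number (MX is 15 in the IANA registry), so the text "MX" never appears in an MX query, while it can appear inside a queried name. The function names and the sample packets are constructed for this illustration.

```python
import struct

QTYPE_A, QTYPE_MX = 1, 15  # values from the IANA DNS parameters registry

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query payload: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_question(payload):
    """Return (qname, qtype) of the first question (RFC 1035 section 4.1.2)."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("QDCOUNT is zero")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        n = payload[pos]
        if n == 0:              # root label ends the name
            pos += 1
            break
        if n & 0xC0:            # pointer/extended label: not handled in this sketch
            raise ValueError("unexpected label type in question")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype

def string_match(payload, needle=b"MX"):
    """What a case-sensitive substring match over the UDP payload would see."""
    return needle in payload

# Constructed samples: a real MX query, and an A query whose name contains "MX".
mx_query = build_query("example.com", QTYPE_MX)
a_query = build_query("MX.example.com", QTYPE_A)

if __name__ == "__main__":
    for pkt in (mx_query, a_query):
        name, qtype = parse_question(pkt)
        print(f"{name:16} qtype={qtype:2} contains 'MX': {string_match(pkt)}")
```

The MX query is missed by the substring test and the unrelated A query is hit, so a type-based filter has to compare the numeric QTYPE field that follows the encoded name.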