Re: How to block a DNS DoS attack?

Hi Eduardo, 

I suggest you check the link below:

http://www-128.ibm.com/developerworks/linux/library/l-fw/?n-l-4191

Hope this helps.

Regards 

Elvir Kuric
--- Eduardo Fernández <eduardo@xxxxxxxxxxxxxx> wrote:

> Hi!
> 
> Some computers in my network are flooding the DNS server with MX
> queries generated by some virus, at a rate of 2/second or so. I can't
> use the string match as suggested before because of my kernel version.
> I can't forbid MX queries in the server because there could be valid
> queries, so the only way to match the virus is the speed or number of
> queries. I've tried the following to match only the virus but not the
> normal clients (people surfing the web mainly):
> 
> iptables -A INPUT -p udp -d server_ip --dport 53 -m limit --limit 40/minute --limit-burst 2000 -j ACCEPT
> 
> But it doesn't work. Any ideas?
> 
> Thanks a bunch!
> 
> 
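
Added example, not part of either post: a Python simulation of the token bucket behind the `limit` match, using the quoted rule's 40/minute and burst of 2000, next to per-source buckets of the kind the `hashlimit` match keeps. The addresses, the traffic mix, the per-source burst of 5 and the assumption that a later rule or the chain policy drops non-matching packets are all constructed for the illustration.

```python
from collections import Counter

TICKS_PER_SEC = 2   # 1 tick = 0.5 s, so 40/minute is one packet per 3 ticks
COST = 3            # credits charged per packet; 1 credit is refilled per tick

class Bucket:
    """Integer token bucket: starts full, refills 1 credit per tick."""
    def __init__(self, burst):
        self.cap = self.credits = burst * COST
        self.last = 0

    def match(self, now):
        self.credits = min(self.cap, self.credits + (now - self.last))
        self.last = now
        if self.credits >= COST:
            self.credits -= COST
            return True
        return False    # rule does not match; packet falls through

def traffic(seconds=3600):
    """Constructed sample: an infected host at 2 queries/s and a normal
    client at 1 query per 10 s. Both addresses are made up."""
    events = []
    for t in range(seconds * TICKS_PER_SEC):
        events.append((t, "10.0.0.66"))        # infected host
        if t % 20 == 0:
            events.append((t, "10.0.0.10"))    # normal client
    return sorted(events)

def simulate(per_source, burst):
    """Count, per source, packets that did NOT match the ACCEPT rule.
    Assumption: a later rule or the chain policy drops those packets."""
    shared, buckets, dropped = Bucket(burst), {}, Counter()
    for now, src in traffic():
        b = buckets.setdefault(src, Bucket(burst)) if per_source else shared
        if not b.match(now):
            dropped[src] += 1
    return dropped

if __name__ == "__main__":
    print("shared bucket, burst 2000:", dict(simulate(False, 2000)))
    print("per-source buckets, burst 5:", dict(simulate(True, 5)))
```

With one shared bucket the burst of 2000 lets the flood through untouched for about the first 23 minutes, and once the bucket is empty the normal client loses queries too; with one bucket per source only the infected host is limited.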

