On Fri, Aug 20, 2021 at 04:42:05AM +0000, Qontinuum wrote:
> On Thu, Aug 19, 2021 at 10:42:42PM -0400, Ruben Safir wrote:
> > anyone know a solution to this that works
> >
> > /sbin/iptables -I INPUT -p udp --dport 53 -m string --hex-string
> > '|03|www|08|pizzaseo|03|com|' --algo bm -j DROP
> > iptables v1.8.7 (legacy): unknown option "--dport"
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > No docs I read dislike -dport or --dport
> >
> > the objective here is to drop remote inquiries for pizzaseo.com which
> > seems to be an attack
>
> The solution is to use the iptables-legacy binary instead of the iptables one.
>
> I would like to encourage you to use nftables instead of iptables
> which is deprecated for years now and you will gain benefit in
> performance and ease of maintenance.
>
It does the same thing with legacy. I tried that before posting.
nft doesn't have a string matching capacity.
> Also, since it is an input rule I guess that you are hosting a DNS on
> this machine. Isn't your DNS capable of using Response Policy Zones or
> even rules hard-coded in your configuration?
That would be ideal. I am using bind9 and I have in the config
options {
directory "/usr/local/namedb/";
version "BMT - Brighton Line";
pid-file "/run/named.pid";
allow-query { any; };
allow-recursion {"localnets";};
// ban everyone by default
allow-transfer {"none";};
};
I thought that left recursions to only my local network and would block
foreign external inquiries. Evidently it doesn't stop this exploit.
> --
> qontinuum
> --
> artix-general mailing list
> artix-general at artixlinux.org
> https://lists.artixlinux.org/listinfo/artix-general
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
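Added example, not code from the thread or from either poster: the iptables rule above matches the DNS question name in its wire format (each label prefixed by its length byte), so the script below builds that byte sequence for a name, renders it in the |hh|text| form that -m string --hex-string accepts, and then checks a constructed DNS query packet the way the kernel's substring match would. The point it makes visible is what a plain substring match does and does not catch: the pattern without the terminating zero byte also hits longer names that merely contain the labels, it does not hit sibling names such as mail.pizzaseo.com, and because the match is byte-exact (iptables string match is case-sensitive unless --icase is given) a query for the same name in a different letter case is not caught even though DNS treats the two as equal. The query packets, transaction id and the domain are constructed sample data.

```python
"""Build the DNS wire-format label sequence for a name, render it as an
iptables '-m string --hex-string' pattern, and test constructed DNS query
packets against it the way the kernel's substring match does.
Added example; not part of the original thread."""
import struct


def dns_wire_name(name: str) -> bytes:
    """Encode 'www.pizzaseo.com' as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.strip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length out of range: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    return bytes(out)


def iptables_hex_string(name: str) -> str:
    """Render the labels in the |hh|text|hh|text| form accepted by --hex-string.
    Like the rule in the thread, the terminating zero byte is left out."""
    parts = [f"|{len(label):02x}|{label}"
             for label in name.strip(".").split(".") if label]
    return "".join(parts) + "|"


def build_dns_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample: a standard recursive query (RD set) with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + dns_wire_name(qname) + struct.pack("!HH", qtype, 1)


def parse_qname(packet: bytes) -> str:
    """Decode the first question name from a DNS message. Question names in
    queries are not compressed, so a pointer here is treated as malformed."""
    pos = 12  # fixed 12-byte header
    labels = []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def query_matches_pattern(packet: bytes, name: str) -> bool:
    """Emulate the kernel string match: is the wire-format name (minus the
    terminator, as in the thread's rule) a byte substring of the payload?"""
    return dns_wire_name(name)[:-1] in packet


if __name__ == "__main__":
    blocked = "www.pizzaseo.com"
    print("pattern:", iptables_hex_string(blocked))
    for qname in (blocked, "mail.pizzaseo.com",
                  "www.pizzaseo.com.example.net", "WWW.PIZZASEO.COM"):
        pkt = build_dns_query(qname)
        print(f"{parse_qname(pkt):32} matched={query_matches_pattern(pkt, blocked)}")
```

Running the script prints the same pattern the thread's rule uses and then shows which of the four constructed queries a byte substring match would drop; the uppercase and sibling-name cases are the ones worth checking before relying on a string rule as the only filter.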