[artix-general] iptables blocking dns queries

Ruben Safir ruben at mrbrklyn.com
Fri Aug 20 17:32:35 CEST 2021


This is what I am trying to stop - coming from random places about the
internet

 client @0x7f6ef811c2e8 135.181.45.33#80 (pizzaseo.com): query failed
 (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5495

I would actually prefer to stop it BEFORE it reaches bind


On Fri, Aug 20, 2021 at 04:42:05AM +0000, Qontinuum wrote:
> On Thu, Aug 19, 2021 at 10:42:42PM -0400, Ruben Safir wrote:
> > anyone know a solution to this that works
> > 
> > /sbin/iptables -I INPUT -p udp --dport 53 -m string –hex-string
> > '|03|www|08|pizzaseo|03|com|' –algo bm -j DROP
> > iptables v1.8.7 (legacy): unknown option "--dport"
> > Try `iptables -h' or 'iptables --help' for more information.
> > 
> > No docs I read dislike -dport or --dport
> > 
> > the objective here is to drop remote inquiries for pizzaseo.com which
> > seems to be an attack
> 
> The solution is to use the iptables-legacy binary instead of the iptables one.
> 
> I would like to encourage you to use nftables instead of iptables
> which has been deprecated for years now and you will gain benefit in
> performance and ease of maintenance.
> 
> Also, since it is an input rule I guess that you are hosting a DNS on
> this machine. Isn't your DNS capable of using Response Policy Zones or
> even rules hard-coded in your configuration?
> -- 
> qontinuum





-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013
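
Added example, not part of the original messages: a POSIX shell helper that takes the BIND log line quoted above, extracts the refused query name, and encodes it in DNS wire format for the iptables string match. The function names are hypothetical and the rule is only printed, not installed; note that the logged name is pizzaseo.com, while the pattern in the quoted rule encodes www.pizzaseo.com.

```sh
#!/bin/sh
# Added example: derive an iptables string-match pattern from a BIND REFUSED log line.

# Sample input: the log entry quoted in the message, joined onto one line.
SAMPLE_LOG='client @0x7f6ef811c2e8 135.181.45.33#80 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5495'

# Extract the name BIND refused ("... for <name>/<class>/<type> ...").
qname_from_log() {
    printf '%s\n' "$1" | sed -n 's|.*query failed (REFUSED) for \([^/ ]*\)/.*|\1|p'
}

# Encode a name as it appears in a DNS packet: every label is preceded by a
# length byte and the root label (00) terminates the name. Runs in a subshell
# so the IFS change does not leak. Because the pattern ends in |00|, a rule for
# example.com also matches www.example.com (the packet bytes share that suffix).
dns_hex_string() (
    name=${1%.}          # drop an optional trailing dot
    out=''
    IFS=.
    set -f               # no globbing while splitting on dots
    for label in $name; do
        # Empty or over-long labels are invalid in DNS.
        [ -n "$label" ] && [ "${#label}" -le 63 ] || exit 1
        # The name comes from a log an outsider can influence: accept only
        # characters that cannot break the |..| pattern or the shell quoting.
        case $label in *[!A-Za-z0-9_-]*) exit 1 ;; esac
        out="$out$(printf '|%02x|%s' "${#label}" "$label")"
    done
    [ -n "$out" ] || exit 1
    printf '%s|00|\n' "$out"
)

# Print the DROP rule for review. --icase is used because DNS names are
# case-insensitive and senders may vary the letter case.
drop_rule() {
    pattern=$(dns_hex_string "$1") || return 1
    printf "iptables -I INPUT -p udp --dport 53 -m string --algo bm --icase --hex-string '%s' -j DROP\n" "$pattern"
}

drop_rule "$(qname_from_log "$SAMPLE_LOG")"
```
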


