Differences

This shows you the differences between two versions of the page.

--- iptables:dns_query_limiting [2016/07/08 09:42] – peter
+++ iptables:dns_query_limiting [2019/11/29 17:29] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== IPTables - DNS query limiting ======
-Analysis of DNS queries coming in was able to determine an average of 5 requests per second per IP.
-This figure could be set as the limit for the firewall, however to prevent instances where a lot of valid requests come in a relatively short amount of time, it is better to not measure over a single second but an average over a longer period.  For example, as it's been determined that there is an average of 5 requests per second, then that would mean that over 10 seconds there would be an average of 50 requests.
-To tighten the security even more, the firewall is also set to allow a maximum of 15 requests per second per IP.
-<code bash>
-#!/bin/bash
-# This script limits the queries per second to 5/s
-# with a burst rate of 15/s and does not require
-# buffer space changes
-# Requests per second
-RQS="15"
-# Requests per 10 seconds
-RQH="50"
-iptables --flush
-iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNSQF --rsource
-iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 1 --hitcount ${RQS} --name DNSQF --rsource -j DROP
-iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNSHF --rsource
-iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 7 --hitcount ${RQH} --name DNSHF --rsource -j DROP
-</code>