Tom Eastep wrote: > I've place my DNSDDOS action files at > http://www.shorewall.net/pub/shorewall/contrib/DNSDDOS/. See the > aaREADME.txt file. > > Shorewall-perl users should be able to use it as-is.
As with Perl, with Shorewall "there is more than one way to do it".
You can also accomplish the same thing using /etc/shorewall/compile:
--------------
use strict;
use Shorewall::Chains;
my $chainref = ensure_manual_chain qw/DNSDDOS/;
add_rule $chainref, q(-m string --algo bm --from 30 --to 31 --hex-string
"|010000010000000000000000020001|" -j DROP);
add_rule $chainref, q(-j ACCEPT);
1;
---------------
As with the action technique, the first add_rule call should be on a
single line. The rules file change is the same as when using the files
at the URL above; see the aaREADME.txt file.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
