Looks to me that you have a larger problem. Is this an rfc1918 address coming from the outside? You should be blocking ALL rfc1918 addresses from the Internet, as they are by definition an attack.
Hi Robert, thanks for the reply. This is in fact what I am trying to do. We have a load-balancing device in front of this DNS server. It is configured so that all Internet traffic that comes through appears to originate from 10.100.1.1.
rfc1918 defines PRIVATE ipv4 addresses. These are not routed over the Internet. A packet with a source address in 'Net1' will never route out back to the sender. It is intended to attack (in some way) the destination.
Yep, these are internal DNS servers that were mis-configured by the previous admin. I'm trying to do some cleanup and make sure that they are not available to the public internet.
What is confusing me is why my iptables rule is not working correctly. TCPdump shows that the source is correct. Any ideas?