[CentOS] Can one construct an IPTables rule to block on NS records?
Kenneth Porter
shiva at sewingwitch.com
Tue Oct 6 07:22:55 UTC 2015
--On Monday, October 05, 2015 10:46 AM -0400 "James B. Byrne"
<byrnejb at harte-lyne.ca> wrote:
> So, is there any convenient way to construct an IPTables rule to block
> all IPs associated with a given Domain Name server?
Doing DNS queries within the kernel netfilter path would be bad.
You could run a cron job to update an iptables chain periodically with the
results of a dig query. Some Perl could be used to do the query and
generate the iptables commands.
More information about the CentOS
mailing list