Blocking of domain strings in iptables
- Subject: Blocking of domain strings in iptables
- From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Date: Sat, 8 Feb 2014 18:16:45 +0100
- In-reply-to: <CAHsqw9vcmp=2nZ-4H3xdEuzBygHvSSo7R0+JnASTV-o=aFLJQg@mail.gmail.com>
- References: <CAJ0+aXawxFrQqr7srOOYX97CyOn-jSHeGQnsXL_yHtUSK2Awvg@mail.gmail.com> <CAHsqw9vcmp=2nZ-4H3xdEuzBygHvSSo7R0+JnASTV-o=aFLJQg@mail.gmail.com>
On Sat, Feb 08, 2014 at 12:34:45AM -0800,
Jonathan Lassoff <jof at thejof.com> wrote
a message of 88 lines which said:
> This is going to be tricky to do, as DNS packets don't necessarily
> contain entire query values or FQDNs as complete strings due to
> packet label compression
Apparently, the OP wanted to match the *question* in a *query* and
these are never compressed (they could, in theory, but are not).
> You can use those u32 module matches to find some known-bad packets
> if they're sufficiently unique, but it simply lacks enough logic to
> fully parse DNS queries.
u32's language is not Turing-complete but it is sufficient in the case
presented here.
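As an added example (not from the thread or from its authors), the script below shows what the reply is relying on: the QNAME of a question is plain length-prefixed labels with no compression pointers, so it is a fixed byte string that the u32 match can compare four bytes at a time. It encodes a question, derives the `-m u32` expression (the "is a query" test on the QR bit plus one test per 4-byte chunk of the name), and checks it against constructed IPv4/UDP packets with a small evaluator of the xt_u32 semantics (tests restart at the IP header, `@` re-bases the offset on the value read so far, an out-of-range read fails the test). The sample packets, the `iptables` command line and the cap of 11 tests per match (my reading of XT_U32_MAXSIZE in the kernel's xt_u32.h) are assumptions, not anything from the original post.

```python
import re
import struct

# Added example: not from the original thread. Builds the wire form of a DNS
# question (which, as the reply notes, is never compressed in practice),
# derives an iptables '-m u32' expression matching it, and evaluates that
# expression against constructed packets the way xt_u32 does.

def encode_qname(name: str) -> bytes:
    """RFC 1035 4.1.2 QNAME: length-prefixed labels, root = 0x00, no pointers."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, txid: int = 0x1234, response: bool = False) -> bytes:
    """12-byte DNS header (RD=1, QDCOUNT=1) plus one A/IN question."""
    flags = 0x0100 | (0x8000 if response else 0)      # 0x8000 is the QR bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

def build_ipv4_udp(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed IPv4 + UDP/53 packet (checksums left 0); options exercise IHL."""
    ihl = 5 + len(options) // 4
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + len(udp),
                     0, 0x4000, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + options + udp

# '0>>22&0x3C' yields IHL*4 from IP byte 0; '@' moves the offset to the UDP header.
# UDP header (8) + DNS header (12) = 20, so the QNAME sits at UDP offset 20.
IP_TO_UDP = "0>>22&0x3C@"
QNAME_OFF = 8 + 12
MAX_TESTS = 11   # assumption: XT_U32_MAXSIZE (10) + 1 tests per match; check xt_u32.h

def u32_for_qname(name: str) -> str:
    """u32 expression: DNS QR bit clear (a query) AND the QNAME bytes, 4 at a time."""
    wire = encode_qname(name)
    tests = [IP_TO_UDP + "8>>15&1=0"]
    for off in range(0, len(wire), 4):
        chunk = wire[off:off + 4]
        val = int.from_bytes(chunk.ljust(4, b"\x00"), "big")
        loc = f"{IP_TO_UDP}{QNAME_OFF + off}"
        if len(chunk) == 4:
            tests.append(f"{loc}=0x{val:08x}")
        else:   # partial final chunk: mask off the QTYPE bytes that follow the name
            mask = (0xFFFFFFFF << (8 * (4 - len(chunk)))) & 0xFFFFFFFF
            tests.append(f"{loc}&0x{mask:08x}=0x{val:08x}")
    if len(tests) > MAX_TESTS:
        raise ValueError("name needs more tests than one u32 match allows")
    return " && ".join(tests)

def _read32(pkt: bytes, off: int) -> int:
    if off < 0 or off + 4 > len(pkt):
        raise IndexError("u32 read past end of packet")
    return int.from_bytes(pkt[off:off + 4], "big")

def u32_match(pkt: bytes, expr: str) -> bool:
    """Evaluate the u32 subset used here (number, >>, <<, &, @, single '=' value)."""
    for test in expr.split("&&"):
        loc_s, val_s = test.replace(" ", "").split("=")
        toks = re.findall(r"0x[0-9a-fA-F]+|\d+|>>|<<|&|@", loc_s)
        at = 0
        try:
            val = _read32(pkt, at + int(toks[0], 0))
            for op, num in zip(toks[1::2], toks[2::2]):
                n = int(num, 0)
                if op == "&":
                    val &= n
                elif op == ">>":
                    val >>= n
                elif op == "<<":
                    val = (val << n) & 0xFFFFFFFF
                else:                       # '@': offset becomes at + val, then re-read
                    at += val
                    val = _read32(pkt, at + n)
        except IndexError:                  # out-of-range reads make the test fail
            return False
        if val != int(val_s, 0):
            return False
    return True

def iptables_rule(name: str) -> str:
    """Assumed command line; the u32 expression is the part that matters."""
    return f'iptables -A INPUT -p udp --dport 53 -m u32 --u32 "{u32_for_qname(name)}" -j DROP'

if __name__ == "__main__":
    expr = u32_for_qname("example.com")
    print(iptables_rule("example.com"))
    for label, pkt in [
        ("query example.com", build_ipv4_udp(build_query("example.com"))),
        ("query, IP options", build_ipv4_udp(build_query("example.com"), b"\x01" * 4)),
        ("query example.org", build_ipv4_udp(build_query("example.org"))),
        ("query Example.com", build_ipv4_udp(build_query("Example.com"))),
        ("response", build_ipv4_udp(build_query("example.com", response=True))),
    ]:
        print(f"{label:22s} matches={u32_match(pkt, expr)}")
```

Two caveats the evaluator makes visible: u32 compares raw bytes, and DNS names are case-insensitive, so `Example.com` (or 0x20-randomised queries) sails past a rule written for `example.com` unless you add tests for the case variants you care about; and the rule only sees the first fragment of a UDP datagram and never sees queries carried over TCP, so it is a nuisance filter for a specific string, not a parser.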