X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/blobdiff_plain/d6dd88f5fe5213e6d5bdf944791e331edf283426..83610d8aa07970a77bcb27f0cffe9db38b09cc1d:/vampire.m4
diff --git a/vampire.m4 b/vampire.m4
index 13e37bd..3a389ca 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -37,6 +37,12 @@ m4_divert(-1)
 ### vampire-specific rules.
 m4_divert(82)m4_dnl
+## Repelling evil DDos attack.
+run ipset -N ddos-evil-dns iphash 2>/dev/null || :
+run iptables -A inbound -j DROP \
+ -m set --set ddos-evil-dns src \
+ -p udp --destination-port $port_dns
+
 ## Externally visible services.
 allowservices inbound tcp \
 finger ident \
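Review bot: The `|| :` on the added `ipset -N` line hides every failure, not only "set already exists", so if ipset or its kernel support is missing, the following `-m set --set ddos-evil-dns` rule is what fails, and the stderr redirect has already discarded the reason. Confirming that the set exists after a failed create keeps the reload idempotent without masking real errors, e.g. `run ipset -N ddos-evil-dns iphash 2>/dev/null || run ipset -L ddos-evil-dns >/dev/null`; how a failure then propagates depends on `run`, which is defined outside this hunk. Nothing visible here populates or expires the set, so the `## Repelling evil DDos attack.` comment should name what adds and removes entries; because UDP source addresses can be spoofed, stale or forged entries could end up dropping legitimate resolvers. The `allowservices` statement continues past the end of the hunk.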