Linux 下丢弃 DNS 伪包

2012-08-12 – 12:22 上午 --- 8,481 次阅读
iptables -N dnsfilter -t mangle
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x042442b2,0x0807c62d,0x253d369e,0x2e52ae44,0x3b1803ad,0x402158a1,0x4021632f,0x4042a3fb,0x4168cafc,0x41a0db71" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x422dfced,0x480ecd63,0x480ecd68,0x4e10310f,0x5d2e0859,0x80797e8b,0x9f6a794b,0xa9840d67,0xc043c606,0xca6a0102" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xcab50755,0xcb620741,0xcba1e6ab,0xcf0c5862,0xd0381f2b,0xd1244921,0xd1913632,0xd1dc1eae,0xd35e4293,0xd5a9fb23" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xd8ddbcb6,0xd8eab30d,0xf3b9bb27,0x4a7d7f66,0x4a7d9b66,0x4a7d2771,0x4a7d2766,0xd155e58a" -j DROP
iptables -t mangle -I PREROUTING -m udp -p udp --sport 53 -j dnsfilter

适用于基于 Linux 系统的路由器,Tomato,DD-WRT,OpenWRT 等,把脚本丢到路由器启动脚本里面即可。 :evil:

点击显示引用框
引用本文,复制粘贴...

点击可把本文加入多个网络分享站点
  1. 2 个评论 “Linux 下丢弃 DNS 伪包”

  2. 正确的脚本:
    iptables -I INPUT -p udp -m udp --sport 53 -m u32 --u32 "u32string" -j DROP
    iptables -I INPUT -p udp -m udp --sport 53 -m u32 --u32 "u32string" -j DROP

    By Beta on Nov 8, 2013

  3. 我日,我改帖子居然把数据库搞坏了,不是这么邪门吧。。。

    By AvP on Nov 9, 2013

您必须 登录 才能发表评论.