Date: 2010-06-29 01:38:05 +0000 (Tue, 29 Jun 2010)
disabling entirely named-refused-udp jail with a big fat warning
--- trunk/config/jail.conf 2010-06-29 01:34:08 UTC (rev 761)
+++ trunk/config/jail.conf 2010-06-29 01:38:05 UTC (rev 762)
@@ -212,15 +212,23 @@
# in your named.conf to provide proper logging.
# This jail blocks UDP traffic for DNS requests.
+# !!! WARNING !!!
+# Since UDP is connectionless protocol, spoofing of IP and immitation
+# of illegal actions is way too simple. Thus enabling of this filter
+# might provide an easy way for implementing a DoS against a chosen
+# victim. See
+# Please DO NOT USE this jail unless you know what you are doing.
+# enabled = false
+# filter = named-refused
+# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+# sendmail-whois[name=Named, dest=you@...]
+# logpath = /var/log/named/security.log
+# ignoreip = 22.214.171.124
-enabled = false
-filter = named-refused
-action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
- sendmail-whois[name=Named, dest=you@...]
-logpath = /var/log/named/security.log
-ignoreip = 126.96.36.199
# This jail blocks TCP traffic for DNS requests.
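Review bot: The added warning ends with a dangling `# victim. See` on the line before `# Please DO NOT USE this jail ...`, so the reference the reader is sent to is missing; either append the intended reference (for example `# victim. See <reference URL>`) or drop the word "See" so the sentence closes on "victim.". The same paragraph would read better with "Since UDP is a connectionless protocol" and "imitation" in place of "immitation", and it would help a reader to state the mechanism in one clause, e.g. `# victim (a spoofed source address gets the victim's address banned).`. The commented-out `ignoreip` value on the new side (22.214.171.124) does not match the removed line's (126.96.36.199); if that difference is not intentional it is worth checking against the repository rather than this mail rendering. The jail's section header is outside the hunk, so whether it remains as an empty section cannot be judged here.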