|
@@ -54,8 +54,10 @@ add rule inet filter OUTPUT tcp sport 32768-65535 tcp dport 43 counter accept
|
|
|
# DNS
|
|
# DNS
|
|
|
add rule inet filter OUTPUT udp sport 1024-65535 udp dport 53 counter accept
|
|
add rule inet filter OUTPUT udp sport 1024-65535 udp dport 53 counter accept
|
|
|
add rule inet filter OUTPUT tcp sport 32768-65535 tcp dport 53 counter accept
|
|
add rule inet filter OUTPUT tcp sport 32768-65535 tcp dport 53 counter accept
|
|
|
-add rule inet filter INPUT udp sport 1024-65535 udp dport 53 counter accept
|
|
|
|
|
-add rule inet filter INPUT tcp sport 32768-65535 tcp dport 53 counter accept
|
|
|
|
|
|
|
+add rule inet filter INPUT meter DNSTHROTTLE_UDP_INGRESS { ip saddr and 255.255.255.0 timeout 60s limit rate 30/minute burst 10 packets} udp sport 1024-65535 udp dport 53 counter accept
|
|
|
|
|
+add rule inet filter INPUT meter DNSTHROTTLE_TCP_INGRESS { ip saddr and 255.255.255.0 timeout 60s limit rate 30/minute burst 10 packets} tcp sport 32768-65535 tcp dport 53 counter accept
|
|
|
|
|
+#add rule inet filter INPUT udp sport 1024-65535 udp dport 53 counter accept
|
|
|
|
|
+#add rule inet filter INPUT tcp sport 32768-65535 tcp dport 53 counter accept
|
|
|
|
|
|
|
|
# DHCP client
|
|
# DHCP client
|
|
|
add rule inet filter INPUT ip daddr 255.255.255.255 udp sport 67 udp dport 68 counter accept
|
|
add rule inet filter INPUT ip daddr 255.255.255.255 udp sport 67 udp dport 68 counter accept
|
root