Code: Select all
03-Jan-2022 10:35:58.869 client @0x7f3e2000f190 87.130.xx.xxx#17675 (domain.gov): rate limit slip response to 87.130.xx.0/24 for census.gov IN ANY (1adc3573)
03-Jan-2022 10:35:58.869 client @0x7f3e20016a00 87.130.xx.xxx#17675 (domain.gov): rate limit drop response to 87.130.xx.0/24 for census.gov IN ANY (1adc3573)
Code: Select all
jail.conf
[named-ddos-udp]
enabled = true
port = domain
protocol = udp
filter = named-ddos
action = iptables-multiport[name=named, port=domain, protocol=udp]
logpath = /var/log/named/named.log
bantime = 86400
maxretry = 3
Code: Select all
named-ddos.conf
[Definition]
_daemon=named
__pid_re=(?:\[\d+\])
__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
failregex = %(__line_prefix)sinfo: client <HOST>.*: rate limit slip .*
ignoreregex =