Block DNS ANY queries in Docker iptables

You can use the DOCKER-USER chain to insert any custom iptables rules you want; Docker evaluates it before its own forwarding rules, so rules placed there are not overwritten when containers start.

In my case, I run a DNS resolver publicly and want to prevent it from being abused in DNS amplification attacks.

I use the following two rules. They drop any DNS query whose question section contains the byte sequence 00 00 FF 00 01, i.e. the terminating byte of the QNAME followed by QTYPE 255 (ANY) in class IN; the --from offset skips the IP, transport and DNS headers so the search starts at the question section:

iptables -I DOCKER-USER -p udp --dport 53 -m string --hex-string "|0000FF0001|" --algo bm --from 40 -j DROP
iptables -I DOCKER-USER -p tcp --dport 53 -m string --hex-string "|0000FF0001|" --algo bm --from 52 -j DROP
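As an added example (not code from the original post), the Python script below emulates what the two string-match rules inspect: it builds minimal DNS queries, wraps them in a constructed packet with zero-filled minimum-length IP and transport headers (an assumption; the real rule scans the actual packet), and searches for the 0000FF0001 pattern from the same --from offsets the rules use (40 for UDP, 52 for TCP). Running it shows which queries would be dropped and which pass.

```python
import struct

# Layout the emulation assumes: minimal IPv4 header (no options) and a TCP header
# without options. The real packet may be longer; --from is only a lower bound.
IPV4_HEADER_LEN = 20
UDP_HEADER_LEN = 8
TCP_HEADER_LEN = 20
TCP_DNS_LENGTH_PREFIX = 2   # DNS over TCP prefixes each message with a 2-byte length
DNS_HEADER_LEN = 12

QTYPE_A = 1
QTYPE_TXT = 16
QTYPE_ANY = 255
QCLASS_IN = 1
QCLASS_CH = 3

# The byte sequence the rules look for: end of QNAME (00), QTYPE ANY (00 FF), QCLASS IN (00 01).
ANY_IN_PATTERN = bytes.fromhex("0000FF0001")

# --from offsets exactly as in the post's rules.
FROM_OFFSET = {"udp": 40, "tcp": 52}


def build_dns_query(qname, qtype, qclass=QCLASS_IN, txid=0x1234):
    """Build a minimal DNS query message: 12-byte header (RD set, QDCOUNT=1) plus one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".") if label
    )
    question = labels + b"\x00" + struct.pack(">HH", qtype, qclass)
    return header + question


def wrap_in_frame(dns_message, transport):
    """Constructed stand-in for the packet xt_string scans: zero-filled IP and transport
    headers of minimum length, then the DNS payload (length-prefixed for TCP)."""
    if transport == "udp":
        return b"\x00" * (IPV4_HEADER_LEN + UDP_HEADER_LEN) + dns_message
    if transport == "tcp":
        prefix = struct.pack(">H", len(dns_message))
        return b"\x00" * (IPV4_HEADER_LEN + TCP_HEADER_LEN) + prefix + dns_message
    raise ValueError("transport must be 'udp' or 'tcp'")


def rule_matches(dns_message, transport="udp"):
    """Emulate `-m string --hex-string "|0000FF0001|" --from N`: True when the pattern
    occurs at or after packet offset N. Boyer-Moore (--algo bm) is only the search
    algorithm; bytes.find reaches the same verdict."""
    frame = wrap_in_frame(dns_message, transport)
    return frame.find(ANY_IN_PATTERN, FROM_OFFSET[transport]) != -1


def classify_queries(queries, transport="udp"):
    """Return {label: verdict} for a batch of (label, qname, qtype, qclass) tuples."""
    return {
        label: ("DROP" if rule_matches(build_dns_query(qname, qtype, qclass), transport) else "ACCEPT")
        for label, qname, qtype, qclass in queries
    }


# Constructed sample traffic (not captured data).
SAMPLE_QUERIES = [
    ("A example.com", "example.com", QTYPE_A, QCLASS_IN),
    ("TXT example.com", "example.com", QTYPE_TXT, QCLASS_IN),
    ("ANY example.com", "example.com", QTYPE_ANY, QCLASS_IN),
    ("ANY version.bind CH", "version.bind", QTYPE_ANY, QCLASS_CH),
]

if __name__ == "__main__":
    for transport in ("udp", "tcp"):
        for label, verdict in classify_queries(SAMPLE_QUERIES, transport).items():
            print(f"{transport.upper():3} {label:22} -> {verdict}")
```

Two things the emulation makes visible: the pattern includes the class bytes, so an ANY query in another class (the CH sample) is not dropped, and the match is per packet, so a query split across TCP segments would not be caught by the string match; it is the UDP path that matters for amplification, which is why the UDP rule does the real work.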

Thanks for reading this post!
