In many firewall configurations it is common to blindly allow packets with UDP source port 53 through, since that is the port DNS answers come from. Unfortunately, it is also common for black hats to send packets with UDP source port 53 to bypass many common firewalls, because nothing checks whether the payload is actually DNS. iptables can be extended using libipq and Perl's Net::DNS::Packet module to perform payload inspection on those packets. First, configure iptables to hand them to userspace:
iptables libipq: DNS payload inspection
$ modprobe ip_queue
$ iptables -A INPUT -p udp --sport domain -j QUEUE
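The userspace side of that setup, as an added example that is not code from the original post: it reads the queued packets with the libipq Perl binding, strips the IP and UDP headers, and accepts a packet only if Net::DNS::Packet can parse the payload and the QR flag marks it as a response. The module and method names (IPTables::IPv4::IPQueue, its get_message/set_verdict calls, and Net::DNS::Packet) are assumed to match the CPAN releases of that era.

```perl
#!/usr/bin/perl
# Added example: inspect UDP source-port-53 packets queued by iptables
# (-j QUEUE) and accept only those that parse as a DNS response. The
# IPTables::IPv4::IPQueue and Net::DNS::Packet APIs used here are assumed
# to match their CPAN releases; they are not from the original post.
use strict;
use warnings;
use IPTables::IPv4::IPQueue qw(:constants);
use Net::DNS::Packet;

# Return the DNS payload of a raw IPv4/UDP datagram, or undef when the
# headers are malformed or the protocol is not UDP (17).
sub dns_payload {
    my ($raw) = @_;
    return undef if length($raw) < 20;
    my $ihl   = (ord(substr($raw, 0, 1)) & 0x0f) * 4;   # IP header length
    my $proto = ord(substr($raw, 9, 1));
    return undef unless $proto == 17 && $ihl >= 20 && length($raw) >= $ihl + 8;
    my $udp_len = unpack('n', substr($raw, $ihl + 4, 2));  # UDP length field
    return undef if $udp_len < 8 || $ihl + $udp_len > length($raw);
    return substr($raw, $ihl + 8, $udp_len - 8);
}

# A packet is let through only if Net::DNS can parse it and the QR bit is
# set (it claims to be a response); anything else on source port 53 is
# treated as an attempt to sneak non-DNS traffic past the firewall.
sub looks_like_dns_response {
    my ($data) = @_;
    return 0 unless defined $data && length($data) >= 12;   # DNS header size
    my $pkt = eval { Net::DNS::Packet->new(\$data) };      # undef/die on garbage
    return 0 unless $pkt;
    return $pkt->header->qr ? 1 : 0;
}

my $queue = IPTables::IPv4::IPQueue->new()
    or die IPTables::IPv4::IPQueue->errstr;
$queue->set_mode(IPQ_COPY_PACKET, 2048);   # copy up to 2048 bytes of each packet

while (my $msg = $queue->get_message()) {
    my $verdict = looks_like_dns_response(dns_payload($msg->payload))
        ? NF_ACCEPT : NF_DROP;
    $queue->set_verdict($msg->packet_id, $verdict)
        or die IPTables::IPv4::IPQueue->errstr;
}
die IPTables::IPv4::IPQueue->errstr;   # get_message returned undef
```

Run it as root after the two commands above; if the script exits, packets left in the queue are dropped once it fills, so keep a fallback rule in mind when testing.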