Hi folks, my first post here but getting straight down to business with a very specific question:
I'm trying to set up Untangle for one very specific purpose: to block DNS ANY queries from the internet that are running rampant for amplification attacks. BIND doesn't have a control mechanism for this, neither do any of the other firewall solutions that I found because it needs packet content filtering. Untangle seems to cater to that to a tee, but... I can't wrap my brain around RegExs.
The DNS entry in Application Control Lite could probably be adapted to do this, but I need some help with the signature.
DNS ANY is query type 0xFF. What do I need to do to the DNS RegEx signature to only match this query type?
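As an added example (not part of the original post, and not an Untangle signature): a structural check for the ANY query type written in Python. It walks the question name to find the QTYPE field rather than searching the packet for the byte `0xFF`, which can also occur inside a name. The function names and sample packets are constructed for illustration, and the input is assumed to be a UDP DNS payload (DNS over TCP carries a 2-byte length prefix first).

```python
import struct

QTYPE_ANY = 0x00FF  # query type 0xFF, as stated in the post


def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query payload (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def first_qtype(payload):
    """Return QTYPE of the first question, or None if not a well-formed query."""
    if len(payload) < 12:                      # fixed DNS header is 12 bytes
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set means a response
        return None
    pos = 12
    while True:                                # walk the length-prefixed labels
        if pos >= len(payload):
            return None                        # name runs off the end
        length = payload[pos]
        if length == 0:                        # root label terminates the name
            break
        if length & 0xC0:                      # pointer/reserved bits: treated
            return None                        # as malformed in a query here
        pos += 1 + length
    pos += 1                                   # step over the root label
    if pos + 4 > len(payload):                 # QTYPE and QCLASS must both fit
        return None
    return struct.unpack("!H", payload[pos:pos + 2])[0]


def is_any_query(payload):
    """True only when the first question's QTYPE field is ANY (255)."""
    return first_qtype(payload) == QTYPE_ANY


if __name__ == "__main__":
    for qtype in (1, 16, 255):                 # A, TXT, ANY
        pkt = build_query("example.com", qtype)
        print(qtype, "ANY" if is_any_query(pkt) else "other")
```
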