Guys, Do you guys recommend adding this to the firewall set for the issue with bind (DNS)? iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5' How can I add this to the firewall rule set. The issue is list below. BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately. Our hosting provider seems to come under DoS attack too at the same time and their DNS server went down for couple of hours. So you may see some part of our site may not working, especially our css, js and image files comes from our service providers servers which are affected by BIND server problem. -- ---------------------------------------- Old utilities do not die they just slowly fade away! ----------------------------------------- OpenSUSE -- http://en.opensuse.org/User:Terrorpup OpenSuSE Ambassador OpenSuSE Member Skype -- terrorpup twitter -- terrorpup -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org