2019/09/01

How to block malicious domains on a DNS server with iptables

The file /tmp/malice_domain_today is the list of malicious domains.

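#!/bin/bash

# Split each domain into its labels on "."
IFS=.

while read -r line
do
        # Accept plain hostnames only: the generated file is executed by bash,
        # so no other characters from the list may reach it.
        [[ $line =~ ^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$ ]] || continue

        echo -n '/usr/sbin/iptables -A INPUT -p udp --dport 53 -m string --hex-string "'

        for i in $line
        do
                # DNS sends each label as a length byte followed by the label,
                # e.g. |03|www|07|example|03|com; the length must be two hex digits.
                printf '|%02x|%s' "${#i}" "$i"

        done
        echo '" --algo bm -j DROP'
done < /tmp/malice_domain_today > /tmp/iptables_block_command

# Flush all rules and delete all user-defined chains in the filter table
# (this also removes rules unrelated to DNS blocking).
/usr/sbin/iptables -F
/usr/sbin/iptables -X

/usr/bin/bash /tmp/iptables_block_command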
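
What such a rule matches, as an added example that is not part of the original post: it models only the QNAME bytes of a query (the real string match scans the whole packet and is case-sensitive). The function names and sample domains are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. All names below are constructed.

# wire_bytes NAME: print NAME as DNS wire-format labels, one " xx" per byte
# (a length byte, then the label's characters); "com" gives " 03 63 6f 6d".
wire_bytes() {
    _old_ifs=$IFS
    IFS=.
    set -f; set -- $1; set +f   # split on dots without glob expansion
    IFS=$_old_ifs
    for _label in "$@"; do
        printf ' %02x' "${#_label}"
        while [ -n "$_label" ]; do
            _rest=${_label#?}
            # "'c" makes printf output the character code of c
            printf ' %02x' "'${_label%"$_rest"}"
            _label=$_rest
        done
    done
}

# rule_matches BLOCKED QUERIED: succeed if the byte pattern built for BLOCKED
# occurs in the QNAME of a query for QUERIED. A QNAME ends with the 00 root byte.
rule_matches() {
    _pat=$(wire_bytes "$1")
    _qname="$(wire_bytes "$2") 00"
    case $_qname in
        *"$_pat"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check constructed query names against a rule for example.com
for q in example.com www.example.com notexample.com \
         example.com.evil.test EXAMPLE.com; do
    if rule_matches example.com "$q"; then
        echo "DROP  $q"
    else
        echo "pass  $q"
    fi
done
```

The rule covers subdomains but also any longer name that contains the blocked labels, and it passes a query that differs only in letter case. Appending `|00|` to the pattern restricts it to names that end at the root, and the string match's `--icase` option makes it case-insensitive.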




https://www.perturb.org/display/1186_Linux_Block_DNS_queries_for_specific_zone_with_IPTables.html?utm_source=linuxnewssite.com
