Trying to understand dynamic rules
Francisco Reyes
lists at natserv.com
Tue Jul 19 23:05:06 GMT 2005
Oliver Fromme olli at lurza.secnetix.de wrote:
>It's possible, but it's probably _not_ a good idea, because
>an attacker can easily perform a denial-of-service attack
>against your machine. For example, he can make several
>connection attempts to your machine, using -- say -- the IP
>addresses of your DNS servers as source IPs
Thanks for the warning. Noted.
What would such a rule look like?
Although in this particular scenario I agree with you, I do think it may be
a useful rule to know.
Please CC since I am not on the list.