For me, most all of the bad stuff is coming in via the spoofed ampr gateway address of 169.228.66.251
When you see internet traffic as bad stuff, you will receive a lot of it from that address, but most of it will not be spoofed. It is traffic from internet to your AMPRnet address(es) that is being relayed, the intended purpose of amprgw.
Maybe there should be a separate filter for incoming traffic via the gateway. We have that on our gateway: a local AMPRnet user can indicate if they want to receive incoming connects from internet and they are placed in a bitmap ipset similar to the bitmap created from the DNS hosts. By default they are not in that map, and only replies to outgoing traffic are allowed. Of course this is only possible because we run connection tracking on our gateway, which is probably not done on amprgw. It keeps out a lot of junk.
A simple version without connection tracking could block incoming TCP SYN and maybe some UDP traffic to ports like 53 and 161 and others. That would still mean there has to be some registration capability to turn this on/off per address. DNS is already used to control the strict allow/deny per address, so it cannot be used for this.
Rob
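The per-address opt-in bitmap and the stateless fallback (drop inbound TCP SYN and UDP to 53/161 unless the address opted in) can be modelled in a few lines. This is an added illustration, not code from Rob's gateway or from amprgw; it assumes the gated range is 44.0.0.0/8 and represents the ipset bitmap as one bit per host address.

```python
import ipaddress
from dataclasses import dataclass

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")   # assumption: the AMPRnet range behind the gateway
SYN, ACK = 0x02, 0x10                           # TCP flag bits
STATELESS_BLOCKED_UDP_PORTS = {53, 161}         # ports named in the thread (DNS, SNMP)


class BitmapSet:
    """One bit per host address in a prefix, modelled after an ipset bitmap:ip (constructed)."""

    def __init__(self, net):
        self.net = net
        self.bits = bytearray(net.num_addresses // 8)   # 2 MiB for a /8

    def _locate(self, addr):
        off = int(ipaddress.ip_address(addr)) - int(self.net.network_address)
        if not 0 <= off < self.net.num_addresses:
            raise ValueError(f"{addr} is not inside {self.net}")
        return off >> 3, 1 << (off & 7)

    def add(self, addr):
        byte, mask = self._locate(addr)
        self.bits[byte] |= mask

    def __contains__(self, addr):
        byte, mask = self._locate(addr)
        return bool(self.bits[byte] & mask)


@dataclass
class Packet:
    dst: str          # destination AMPRnet address
    proto: str        # "tcp", "udp" or anything else
    dport: int = 0
    tcp_flags: int = 0


def inbound_verdict(pkt, accept_inbound):
    """Stateless policy for internet->AMPRnet traffic when no conntrack is available:
    addresses in the opt-in bitmap get everything; all others lose new TCP
    connections (SYN without ACK) and UDP to the listed ports, but keep replies."""
    if pkt.dst in accept_inbound:
        return "ACCEPT"
    if pkt.proto == "tcp" and (pkt.tcp_flags & (SYN | ACK)) == SYN:
        return "DROP"   # a fresh inbound connect; replies carry ACK and pass
    if pkt.proto == "udp" and pkt.dport in STATELESS_BLOCKED_UDP_PORTS:
        return "DROP"
    return "ACCEPT"
```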