Hi,
i am trying to write rules to drop any packet, irrespective if it is outgoing, incoming or being forwareded, which has a specific sub string in the tcp or udp payload, how am i suppose to do that?
A:
Not sure this is the right place to be asking questions about systems administration however you might find the following helpful.
Dean Smith
2009-05-05 15:53:30
+2
A:
You'd need a kernel compiled with Netfilter "String match support" enabled.
Then you can
iptables -A INPUT -m string --algo bm --string "test" -j DROP
iptables -A OUTPUT -m string --algo bm --string "test" -j DROP
iptables -A FORWARD -m string --algo bm --string "test" -j DROP
Check the result wth
iptables -L
Andomar
2009-05-05 17:26:30
hi, i m using ubuntu kernel 2.6.8.11 kernel. i m trying to write some worm filtering utility on application layer using libpcap library. I set the above rules , but still not able to drop packets.do i need to install string matching support to iptables or is it present by default. is there any way to check it?
Kazoom
2009-05-06 03:49:01
The iptables command would give an error if the module is not present, like "cannot open shared object file: No such file or directory". You could use a logging rule to see if the packets match the rule, for example: iptables -A INPUT -m string --string "test" -j LOG --log-level info --log-prefix "iptables-string-match"
Andomar
2009-05-06 10:52:17