Re: Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Always Learning <centos@xxxxxxxxxxx>]

On Wed, 2011-08-31 at 09:11 -0700, John R Pierce wrote:

> iptables will filter on packet headers and such at layer 3, it can't
> and won't analyze the content of packets, regardless of your emotional
> attachments.

I believe IP Tables '-m string' will. If you think the custodians and
maintainers of IP Tables are making untrue claims, you may wish to
acquaint them with your disbelieve. However it might be prudent for you
to read the following before telling the IP Tables folks they are wrong.


http://www.netfilter.org/ Net Filter : The Home of IP Tables

http://ipset.netfilter.org/iptables.man.html The IP Tables Manual

http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html Frozentux : Detailed Technical Explanation of TCP/UCP and IP Tables (2006)

http://wiki.archlinux.org/index.php/Simple_stateful_firewall_HOWTO Arch Linux : How To

http://wiki.centos.org/HowTos/Network/IPTables Centos How-To : IP Tables

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-iptables.html Centos Deployment Guide : Section 43.9


> I said precisely.  computers don't understand 'deliberate' vs 'typing 
> error', those are subjective measures.

Wrong. Some can be determined by machine searching for 'known' invalid
URL strings which are not remotely similar to valid web page names.
Obviously this is site dependant. For example which accidentally typed
URL contains login.php or password.php when nothing like those names are
used in valid web page names ?





-- 
With best regards,

Paul.
England,
EU.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos