I've always wondered something about the string matching, but never having used it, I haven't researched it enough to know... Wouldn't netfilter also see the string "KazaaClient" in this email message? I can imagine how that might cause problems if the string matching rules aren't well crafted.

I see in the example posted by Tomasz Wrona that it only applies to tcp packets forwarded from the internal interface, narrowing the focus quite a bit. But wouldn't that also block an email message having that string if sent from an internal machine? Of course, the sender of that message may have indeed sent it from a client on his internal network, and since I'm reading it, it must have worked as intended.

I imagine placing a string matching rule, like the example, _after_ rules which accept other legitimate traffic (like smtp) would work completely fine.

Looking for education on the topic.

Darrell Dieringer - Madison, WI

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of
> Tomasz Wrona
> Sent: Thursday, January 09, 2003 11:04 AM
> To: netfilter@lists.samba.org
> Cc: lartc@mailman.ds9a.nl
> Subject: Kaaza 2 jammer.
>
> Hello,
>
> Some people asked about matching [blocking] Kazaa 2 sessions.
> So try this simple rule:
>
> iptables -I FORWARD -i $internal_interface -p tcp -m string
> --string "KazaaClient" -j REJECT --reject-with tcp-reset
> [Or maybe worth trying -j TARPIT]
>
> In the above rule I don't specify separate ports due to dynamic
> port allocation.
> This rule works fine, catches and resets completely Kazaa 1 and 2
> versions.
>
> Regards,
> tw
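To make the ordering question concrete, here is an added first-match simulation of the FORWARD chain (a constructed example, not code from the thread or from netfilter). It assumes `eth1` stands in for `$internal_interface`, and the two packets, their ports and payloads are made up; it shows that `-I` puts the string rule ahead of everything, so an outbound mail quoting the rule is reset too, while accepting SMTP first leaves the string match to the remaining traffic.

```python
from dataclasses import dataclass
from typing import Optional, List, Dict

@dataclass
class Packet:
    in_iface: str   # interface the packet arrived on (-i)
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    payload: bytes  # application data that the string match scans

@dataclass
class Rule:
    target: str                       # ACCEPT or REJECT
    in_iface: Optional[str] = None    # -i
    proto: Optional[str] = None       # -p
    dport: Optional[int] = None       # --dport
    string: Optional[bytes] = None    # -m string --string

    def matches(self, pkt: Packet) -> bool:
        return (self.in_iface in (None, pkt.in_iface)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport)
                and (self.string is None or self.string in pkt.payload))

def forward(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule gives the verdict."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

# The rule from the thread (eth1 assumed as $internal_interface) plus an accept for outbound mail.
KAZAA_REJECT = Rule("REJECT", in_iface="eth1", proto="tcp", string=b"KazaaClient")
SMTP_ACCEPT = Rule("ACCEPT", in_iface="eth1", proto="tcp", dport=25)

# Constructed packets: a mail quoting the rule, and a Kazaa session on a dynamic port.
MAIL = Packet("eth1", "tcp", 25, b'Subject: Re: Kazaa 2 jammer\r\n--string "KazaaClient"')
KAZAA = Packet("eth1", "tcp", 3197, b"GET /... HTTP/1.1\r\nUser-Agent: KazaaClient ...")

# "iptables -I FORWARD" puts the rule first: the mail gets reset as well.
INSERTED_FIRST = [KAZAA_REJECT, SMTP_ACCEPT]
# Accept legitimate services first; the string match only sees the rest.
APPENDED_LAST = [SMTP_ACCEPT, KAZAA_REJECT]

def verdicts(chain: List[Rule]) -> Dict[str, str]:
    return {"mail": forward(chain, MAIL), "kazaa": forward(chain, KAZAA)}

if __name__ == "__main__":
    print("inserted first:", verdicts(INSERTED_FIRST))
    print("appended last: ", verdicts(APPENDED_LAST))
```

On current kernels the string match also requires `--algo bm` (or `kmp`), and it inspects one packet at a time, so a string split across two TCP segments is not seen.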