-m string --string

you have to specify which module to use "-m string" and then its parameter "--string findthis"

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: juanca [mailto:juanca@xxxxxxxxxx]
Sent: Tuesday, July 29, 2003 7:42 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: kazaa rulset

iptables -A INPUT -s kazaa.com -p tcp -j DROP
iptables -A INPUT -d kazaa.com -p tcp -j DROP
iptables -A INPUT -s kazaa.com -p udp -j DROP
iptables -A INPUT -d kazaa.com -p udp -j DROP
iptables -A FORWARD -s 0/0 -p tcp --dport 1214 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A OUTPUT -p tcp --dport 1214 -j DROP
iptables -A OUTPUT -p udp --dport 1214 -j DROP
iptables -A INPUT -p tcp --sport 1214 -j DROP
iptables -A INPUT -p udp --sport 1214 -j DROP
iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 1214 -j DROP
iptables -A OUTPUT -p tcp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p udp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p tcp -d 66.80.62.34 -j DROP
iptables -A OUTPUT -p tcp -d 205.188.245.120 -j DROP
iptables -A OUTPUT -p tcp -d 64.12.168.244 -j DROP
iptables -A OUTPUT -p tcp -d 66.218.70.39 -j DROP
iptables -A OUTPUT -p tcp -d 64.245.54.0/24 -j DROP
iptables -A FORWARD -d a64-124-29-52.deploy.akamaitechnologies.com -j REJECT
iptables -A FORWARD -d 64.124.29.52 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 68.83.112.75 -j REJECT
iptables -A FORWARD -d 68.60.210.234 -j REJECT
iptables -A FORWARD -d 207.112.54.21 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
iptables -A FORWARD -p tcp --dport 4660:4666 -j DROP
iptables -A FORWARD -p udp --dport 4660:4666 -j DROP
iptables -I FORWARD -i eth0 -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -d a342.g.akamai.net -p tcp tcp -j DROP
iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
iptables -A FORWARD -d 63.208.194.47 -j REJECT
iptables -A FORWARD -d 63.208.194.6 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -m string --string "Kazaa" -j REJECT --reject-with tcp-reset
iptables -t mangle -A PREROUTING -p tcp -m --string "Kazaa" -j DROP
iptables -A FORWARD -m state --state NEW,INVALID -j REJECT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -m string --string "Kazaa" -j DROP

This is my ruleset, but I get this message when I run the script. What's wrong?

iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables v1.2.6a: Couldn't load match `--string':/lib/iptables/libipt_--string.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
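
A text-only check for the two command-line mistakes visible in the ruleset above ("--string" used without a preceding "-m string", as the reply points out, and a second bare word after "-p tcp"), given here as an added example that is not part of the original thread. The function names and finding labels are hypothetical, and the sample rules are copied from the post; the script only parses text and never calls iptables.

```shell
#!/bin/sh
# Added example: text-only lint for iptables command lines. It never runs iptables.
# Function names and finding labels are hypothetical, chosen for this example.

# lint_rule RULE: print one finding per line; print nothing if the rule is clean.
# Splits on whitespace only, so a quoted --string value containing spaces is
# not handled (none of the sample rules has one).
lint_rule() (
    set -f          # keep the shell from glob-expanding words in the rule
    set -- $1       # split the rule into positional parameters
    have_string=0
    while [ $# -gt 0 ]; do
        case $1 in
        -m|--match)
            # The word after -m must be a module name, not another option.
            case ${2:-} in
            ''|-*)  echo "missing-module-name" ;;
            string) have_string=1 ;;
            esac ;;
        --string)
            # --string is an option of the string match, loaded by "-m string".
            [ "$have_string" -eq 1 ] || echo "string-option-without-match" ;;
        -p|--protocol)
            # -p takes one value (optionally negated with "!"); a further bare word is stray.
            after=${3:-}
            if [ "${2:-}" = '!' ]; then after=${4:-}; fi
            case $after in
            ''|-*) ;;
            *) echo "stray-argument-after-protocol:$after" ;;
            esac ;;
        esac
        shift
    done
)

# lint_ruleset: read rules on stdin, prefix each finding with its line number.
lint_ruleset() {
    n=0
    while IFS= read -r rule; do
        n=$((n + 1))
        lint_rule "$rule" | sed "s/^/line $n: /"
    done
}

# Sample input: four rules copied from the post above.
lint_ruleset <<'EOF'
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset
iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
iptables -t mangle -A PREROUTING -p tcp -m --string "Kazaa" -j DROP
iptables -A FORWARD -p tcp -m state --state NEW -m string --string "Kazaa" -j DROP
EOF
```

The stray-argument finding lines up with the "Bad argument" messages in the quoted output and the missing-module finding with "Couldn't load match `--string'"; the check does not account for the "No chain/target/match by that name" lines.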