Question about -m string module

Hello guys

I have a question about the -m string module and
I think you iptables geeks can answer me :)

Suppose I want to drop TCP connections with
specific requests.

Example: a mail that contains the word "sperm".

I'd add a rule like

$IPTABLES -t filter -A FORWARD -p tcp --dport 25 -d OURMAILSERVER \
    -m string --string "sperm" -j DROP

What is the reaction in the TCP connection?

Do the further packets of the same connection get dropped too?
This would mean the email cannot be sent and stays in the foreign
mail server's queue for X days?

Would it be the same if I use a REJECT rule?

Also, can fragmented TCP packets get through this?

Thanks in advance

Maxime Ducharme
Programmer / Network Security Specialist
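The fragmentation question above turns on one property of -m string: it inspects each packet on its own and does not reassemble the TCP stream. The following added example (constructed model code, not the netfilter implementation and not part of the original post) splits a constructed SMTP body into segments of a chosen MSS and compares per-packet matching with matching on the reassembled stream, showing the coverage gap when the pattern straddles a segment boundary.

```python
# Constructed model (not kernel or iptables code) of how a per-packet string
# match such as `-m string` sees a TCP stream: each segment is inspected on its
# own, so a pattern that straddles a segment boundary is never seen in full.
from typing import List, Tuple

# Constructed SMTP DATA body used as sample input; not a real message.
SAMPLE_BODY = b"Subject: hello\r\n\r\nplease see the attached spermatophyte survey\r\n"


def segment(payload: bytes, mss: int) -> List[bytes]:
    """Split a payload into TCP segments carrying at most `mss` bytes each."""
    if mss <= 0:
        raise ValueError("mss must be positive")
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def per_packet_matches(segments: List[bytes], pattern: bytes) -> List[int]:
    """Indices of segments that contain `pattern` by themselves.

    This is the scope of `-m string`: one packet at a time, with no
    reassembly of the TCP stream across packets.
    """
    return [i for i, seg in enumerate(segments) if pattern in seg]


def stream_match(segments: List[bytes], pattern: bytes) -> bool:
    """Whether `pattern` occurs in the reassembled byte stream."""
    return pattern in b"".join(segments)


def check(mss: int, pattern: bytes = b"sperm") -> Tuple[List[int], bool]:
    """Return (segment indices matched per packet, match in reassembled stream)."""
    segs = segment(SAMPLE_BODY, mss)
    return per_packet_matches(segs, pattern), stream_match(segs, pattern)


def coverage_gap(mss: int, pattern: bytes = b"sperm") -> bool:
    """True when the stream contains the pattern but no single packet does."""
    hits, in_stream = check(mss, pattern)
    return in_stream and not hits


if __name__ == "__main__":
    # With mss=60 the word sits inside one segment; with mss=45 it is split
    # across two, so a per-packet rule like the one in the post never fires.
    for mss in (60, 45):
        print(mss, check(mss), "gap" if coverage_gap(mss) else "seen")
```

The same per-packet scope applies whatever the rule's target is, so DROP versus REJECT changes what the sender sees, not which packets the match can see.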
