On Fri, February 4, 2005 10:23 am, Maxime Ducharme said:
> Hello guys

Hiya Maxime!

> I have a question about -m string module and
> I think you iptables geeks can answer me :)

I am no geek nor guru ;)

> Suppose I want to drop TCP connections with
> specific requests.
>
> Example : a mail which contains the word "sperm",

I don't think iptables is the proper tool for such. Consider using a mail proxy able to scan messages for viruses and such instead.

> I'd add a rule like
>
> $IPTABLES -t filter -A FORWARD -p tcp --dport 25 -d OURMAILSERVER \
> -m string --string "sperm" -j DROP
>
> What is the reaction in the TCP connection ?

That packet always gets lost in the black hole. The sender will keep sending that packet over and over again. However, I *think* TCP has a timeout mechanism.

> The further packets of the same connection get dropped too ?

No

> This would mean the email cannot be sent, and stay in the foreign
> mail server queue for X days ?

My guess is the TCP algorithm would keep trying to send that particular packet as it didn't get any ACK for that sequence number.

> Would it be the same if I use a REJECT rule ?

No. I think a tcp-reset would do the trick.

> Also, can fragmented TCP packets get through this ?

Yes, but that `sperm' word is quite small. Most of the time, this whole word will stand in a fragmented packet.

> Thanks in advance
>
> Maxime Ducharme
> Programmer / Network security specialist

Have a good day,
Samuel

NOTE: This email reflects the author's _thoughts_, not reality. I may be totally wrong, so just don't trust me :-)
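The fragmentation question in the thread above is the one that matters most for a per-packet matcher such as iptables' -m string: the module inspects each packet on its own, so a pattern that happens to straddle two TCP segments is never seen whole. The following script is an added example, not code from the thread or from the netfilter project; it models a per-packet match against a stream-reassembling match over a constructed SMTP-like payload, and shows a sender deliberately splitting the stream so the word crosses a segment boundary. The payload, the MSS value and the helper names are assumptions made for this demo.

```python
# Added example (not from the original thread): shows why a per-packet
# string match such as iptables' -m string can be evaded by splitting the
# pattern across TCP segment boundaries, and why stream reassembly (a mail
# proxy or a reassembling IDS) is needed to catch it.
# All sample data below is constructed for this demo.

PATTERN = b"sperm"


def segment(payload: bytes, mss: int) -> list:
    """Split an application-layer byte stream into TCP segment payloads of
    at most `mss` bytes, as an ordinary sender would."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def per_packet_match(segments: list, pattern: bytes = PATTERN) -> bool:
    """Model of iptables -m string: every packet is inspected in isolation.
    A pattern that straddles two segments is never seen in full."""
    return any(pattern in seg for seg in segments)


def stream_match(segments: list, pattern: bytes = PATTERN) -> bool:
    """Model of a reassembling proxy/IDS: rebuild the byte stream in order,
    then search it. This catches the straddled case."""
    return pattern in b"".join(segments)


def evasion_split(payload: bytes, pattern: bytes = PATTERN) -> list:
    """Deliberately cut the stream in the middle of the pattern so that it
    straddles two segments. Returns the resulting segment list."""
    idx = payload.find(pattern)
    if idx < 0:
        return [payload]
    cut = idx + len(pattern) // 2
    return [payload[:cut], payload[cut:]]


def demo() -> dict:
    """Run both matchers over normal and evasive segmentation of a
    constructed (not captured) SMTP-like payload."""
    msg = (b"MAIL FROM:<a@example.com>\r\nRCPT TO:<b@example.net>\r\n"
           b"DATA\r\nSubject: hello\r\n\r\n...sperm...\r\n.\r\n")
    # 1. Ordinary segmentation with a typical MSS: the whole word sits in
    #    one packet, so both matchers see it.
    normal = segment(msg, 1460)
    # 2. The sender chooses segment boundaries so the word is split in two.
    split = evasion_split(msg)
    return {
        "normal_per_packet": per_packet_match(normal),   # True
        "normal_stream": stream_match(normal),           # True
        "split_per_packet": per_packet_match(split),     # False: evaded
        "split_stream": stream_match(split),             # True
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {hit}")
```

The same effect occurs without any deliberate evasion whenever a small MSS or path fragmentation happens to cut through the word, which is why content filtering belongs in something that reassembles the stream rather than in a packet filter.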