Michal Martinek wrote:
Gáspár Lajos wrote:
Michal Martinek wrote:
Hello all,
I am quite a newbie to the netfilter world, so maybe my approach is
naive. I would like to block communication coming from/to some ports
according to the content of packets. Unfortunately these ports are
not static, so a port-specific netfilter rule cannot be used. So my
question is:
Do you know the STRING module?
I'm afraid not. Can you give me some explanation (or link)?
Well... :) man iptables...
iptables -A FORWARD -j DROP -p tcp -m string --string 'Some string' --algo kmp
Is it possible to obtain some address info (source/destination
address and ports) from the packet queued from netfilter?