On Aug 24, 2007, Allan Parreno wrote: > Hello, > > how do i configure that all mp3 extention will block using iptables --string value? > > is this correct? > > /sbin/iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 -m string --string "*.mp3" The string match extension does not support wildcard operators; just strings. An equivalent rule to what you are trying to accomplish above would be to just remove the "*" from "*.mp3". However, you may find that this is too broad a rule and that it starts to mess with legitimate communications since ".mp3" is not a very specific search criteria. -- Michael Rash http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
