Re: iptables --string-replace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 17, 2011 at 09:43:27AM +1100, Ben K wrote:
> I'd like to be able to mangle strings passing through my home 
> router running Openwrt in order to modify/anonymize user-agent 
> strings. I believe a patch further extending the iptables string 
> extension by providing string replace functionality was submitted 
> by Michael Rash back in 2004 (archived at 
> http://www.spinics.net/lists/netfilter/msg23791.html). This would 
> be ideal as I could then mangle user-agent headers without eg 
> needing to run an http proxy.

I don't see why that's ideal. The proxy solution seems like the 
ideal, to me. While an openwrt router might not have the horsepower 
needed, neither does it have the horsepower you'll need for string 
matching. You're going to have to throw more hardware at this 
problem, however you might proceed.

> (BTW what's with the mailing list rejecting HTML emails?! Are we
> living in 2001?)

HTML posting on mailing lists is very rude. I usually ignore them. 
Gmail's implementation of it is particularly bad, converting many 
arbitrary strings into HTTP URI's.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux