Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to achieve string matching in iptables". In daily operation, I believe many people have doubts about how to achieve string matching in iptables. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to achieve string matching in iptables". Next, please follow the editor to study!

String matching based on iptables

Category: SHELL&linux order 2012-07-03 18:25 3172 people read comments (0) favorite report

Stringinputtcpoutputhexlinux

Filter by matching domain names with string. Examples are as follows:

Iptables-I OUTPUT-p tcp-m string-- string "qq.com"-- algo bm-j DROPiptables-I OUTPUT-p udp-m string-- string "qq.com"-algo bm-j DROP

This makes it impossible to access QQ-related business, but the agent still seems to be able to

System requirements:

1: kernel is above 2.6.18

2:iptables is above 1.3.5

3: the kernel contains a string matching module. Should be in the .config file

CONFIG_NETFILTER_XT_MATCH_STRING=m

Man manual iptables-m string-helpstring This modules matches a given string by using somepattern matching strategy. It requires a linux kernel > = 2.6.14. -- algo bm | kmp Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)-from offset Set the offset from which it starts looking for anymatching. If not passed, default is 0. -- to offset Set the offset to which it starts looking for anymatching. If not passed, default is the packet size. -- string pattern Matches the given pattern. -- hex-string patternMatches the given pattern in hex notation. Common applications and useful examples Rule 1: methods to prevent * *: iptables-I INPUT 1-p tcp-- dport 80-m string-- string "cmd.exe"-- algo bm-j DROPiptables-I INPUT-j DROP-p tcp-s 0.0.0.0 impulse 0-m string-- algo kmp-- string "cmd.exe" 2: protect DDOS service iptables-I INPUT 1-p tcp-- dport 80-m string-- string "domain.com" "--algo kmp-j DROP3: prevent email spoofing iptables-I INPUT-p tcp-- dport 25-m string-- string" Subject "--algo bm-j DROP do an optimal rule iptables-I INPUT-p tcp-- dport 25-m string-- string" Subject "--algo bm-- to 15000-j DROP here The study on "how to achieve string matching in iptables" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.