Drop packets in iptables with string matching


iptables examples.

List rules with line numbers:

iptables -nL --line-numbers

Delete rule:

iptables --delete <chain> <rule number>

String matching

Send packets that match a string to a new user-defined chain. The packets reaching that chain can then be dropped, for example in combination with the -m recent module.

iptables -N w00t
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string 'User-Agent: Bittorrent' -j w00t
iptables -A w00t -j DROP

Drop packets containing a certain string using the -m string option. For example:

/sbin/iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string 'ylmf-pc' -j DROP
/sbin/iptables -I INPUT -p tcp --dport 110 -m string --algo bm --string 'ylmf-pc' -j DROP
/sbin/iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string 'ylmf-pc' -j DROP
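Since the rules above are added with -I one at a time, cleaning them up later means finding each rule number in the "iptables -nL --line-numbers" listing. The POSIX sh helper below, an added example that is not part of the original page, parses such a listing for rules whose STRING match equals a given value and emits the matching --delete commands highest number first, because every deletion renumbers the rules after it. The listing is constructed sample output and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of `iptables -nL INPUT --line-numbers` output (not captured from a live host).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    w00t       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 STRING match  "User-Agent: Bittorrent" ALGO name bm TO 65535
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 STRING match  "ylmf-pc" ALGO name bm TO 65535
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 STRING match  "ylmf-pc" ALGO name bm TO 65535'

# find_string_rules LISTING STRING
# Prints the rule numbers of every rule in LISTING whose STRING match value is exactly STRING,
# highest number first so the rules can be deleted in that order without renumbering surprises.
find_string_rules() {
  printf '%s\n' "$1" | awk -v want="$2" '
    # only numbered rule lines that carry a STRING match clause
    /^[0-9]+[ \t]/ && match($0, /STRING match +"[^"]*"/) {
      s = substr($0, RSTART, RLENGTH)
      sub(/^STRING match +"/, "", s)   # strip the leading "STRING match  \""
      sub(/"$/, "", s)                  # strip the closing quote
      if (s == want) print $1           # $1 is the "num" column
    }' | sort -rn
}

# emit_delete_commands CHAIN LISTING STRING
# Prints one `iptables --delete CHAIN <num>` line per matching rule, highest number first.
# Review the output, then run it (e.g. pipe into sh) on the host that produced LISTING.
emit_delete_commands() {
  for n in $(find_string_rules "$2" "$3"); do
    printf 'iptables --delete %s %s\n' "$1" "$n"
  done
}

# Typical use on a live host (needs root):
#   emit_delete_commands INPUT "$(iptables -nL INPUT --line-numbers)" 'ylmf-pc'
emit_delete_commands INPUT "$SAMPLE_LISTING" 'ylmf-pc'
```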