Mailing List Archive: iptables: User

question about String

Index | Next | Previous | View Threaded

atparreno at yahoo

Aug 24, 2007, 12:50 AM

Post #1 of 2 (877 views)
Permalink

question about String

Hello,

how do i configure that all mp3 extention will block using iptables --string value?

is this correct?

/sbin/iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 -m string --string "*.mp3"

thanks

____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

mbr at cipherdyne

Aug 26, 2007, 2:05 PM

Post #2 of 2 (807 views)
Permalink

Re: question about String [In reply to]

On Aug 24, 2007, Allan Parreno wrote:

> Hello,
>
> how do i configure that all mp3 extention will block using iptables --string value?
>
> is this correct?
>
> /sbin/iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 -m string --string "*.mp3"

The string match extension does not support wildcard operators; just
strings. An equivalent rule to what you are trying to accomplish above
would be to just remove the "*" from "*.mp3". However, you may find
that this is too broad a rule and that it starts to mess with legitimate
communications since ".mp3" is not a very specific search criteria.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads