Question about -m string module
Maxime Ducharme
mducharme at cybergeneration.com
Fri Feb 4 16:23:57 CET 2005
Hello guys
I have a question about -m string module and
I think you iptables geeks can answer me :)
Suppose I want to drop TCP connections with
specific requests.
Example: for a mail which contains the word "sperm",
I'd add a rule like
$IPTABLES -t filter -A FORWARD -p tcp --dport 25 -d OURMAILSERVER \
-m string --string "sperm" -j DROP
What is the reaction in the TCP connection?
Do the further packets of the same connection get dropped too?
This would mean the email cannot be sent, and stays in the foreign
mail server's queue for X days?
Would it be the same if I use a REJECT rule?
Also, can fragmented TCP packets get through this?
Thanks in advance
Maxime Ducharme
Programmer / Network security specialist
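Added example (not part of the post or of iptables itself): it models the per-packet view that a string match has of an SMTP transfer, next to a matcher that reassembles the TCP stream first, using a constructed message and constructed segment sizes, to show why a pattern straddling a segment boundary is missed per packet.

```python
# Added example: per-packet string matching (the view "-m string" has of a
# connection) versus matching on the reassembled stream. The SMTP body and
# the segment sizes below are constructed for the demonstration.

PATTERN = b"sperm"

# Constructed SMTP DATA body; with 8-byte segments the pattern is split
# across two consecutive segments (it starts at byte offset 36).
MESSAGE = b"Subject: hello\r\n\r\nThis is not about sperm whales at all.\r\n.\r\n"


def segment(payload: bytes, mss: int) -> list[bytes]:
    """Split a byte stream into TCP-segment-sized payloads (constructed MSS)."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def per_packet_match(segments: list[bytes], pattern: bytes) -> list[int]:
    """Indexes of the segments a per-packet matcher would hit.

    Each packet is inspected on its own, so a pattern that is split across
    two segments is invisible to this matcher, and only a packet that
    actually matches is affected by the rule's target.
    """
    return [i for i, seg in enumerate(segments) if pattern in seg]


def stream_match(segments: list[bytes], pattern: bytes) -> bool:
    """Reassemble the stream first (as a mail proxy or content filter would)."""
    return pattern in b"".join(segments)


def compare(mss: int) -> dict:
    """Run both matchers over MESSAGE split at the given segment size."""
    segs = segment(MESSAGE, mss)
    return {
        "mss": mss,
        "segments": len(segs),
        "per_packet_hits": per_packet_match(segs, PATTERN),
        "stream_hit": stream_match(segs, PATTERN),
    }


if __name__ == "__main__":
    for mss in (1460, 8):   # one large segment, then a split across segments
        print(compare(mss))
```

With a 1460-byte segment the whole body sits in one packet and both matchers hit; with 8-byte segments only the reassembling matcher does, which is why filtering mail content is more reliable in the mail server or a proxy than in a per-packet rule.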