Question

I am trying to write rules to drop any packet, irrespective of whether it is outgoing, incoming or being forwarded, which has a specific substring in the TCP or UDP payload.

How am I supposed to do that?


Solution

You'd need a kernel compiled with Netfilter "String match support" enabled.

Then you can

iptables -A INPUT -m string --algo bm --string "test" -j DROP
iptables -A OUTPUT -m string --algo bm --string "test" -j DROP
iptables -A FORWARD -m string --algo bm --string "test" -j DROP

Check the result with

iptables -L
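
As an added example (not part of the answer above), here is a small POSIX shell script that generates the same three rules but restricts them to TCP and UDP, as the question asked, and emits one rule per chain/protocol pair. It runs in dry-run mode by default (it only prints the commands); set DRY_RUN=0 to execute them, which needs root and a kernel/iptables with the string match (xt_string) available. The function names, the DRY_RUN variable and the "test" pattern are my own choices, not anything from the original page.

```bash
#!/bin/sh
# Added example: generate (and optionally apply) iptables string-match DROP
# rules on INPUT, OUTPUT and FORWARD for TCP and UDP.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it.

# run CMD ARGS...: print or execute, depending on DRY_RUN (assumed variable name).
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# build_rules PATTERN [ACTION]: one rule per chain and protocol.
# ACTION defaults to -A (append); pass -D to get the matching delete commands.
# -p tcp/-p udp limits the match to those protocols; --algo bm is the
# Boyer-Moore search, as in the answer; --string is the literal to look for.
build_rules() {
  pattern="$1"
  action="${2:--A}"
  for chain in INPUT OUTPUT FORWARD; do
    for proto in tcp udp; do
      run iptables "$action" "$chain" -p "$proto" \
        -m string --algo bm --string "$pattern" -j DROP
    done
  done
}

# count_rules PATTERN: number of rules build_rules emits (3 chains x 2 protocols).
count_rules() {
  DRY_RUN=1 build_rules "$1" | wc -l | tr -d ' '
}

# has_string_match: succeeds if the running kernel has the string match loaded.
# /proc/net/ip_tables_matches lists the xt_* match modules currently registered.
has_string_match() {
  [ -r /proc/net/ip_tables_matches ] && grep -qx string /proc/net/ip_tables_matches
}

# Example usage: print the rules for the pattern "test" (constructed sample).
build_rules test
# Later, to remove exactly those rules:  DRY_RUN=0 build_rules test -D
# Verify what is installed with:        iptables -S   (or iptables -L -n -v)
```

Two caveats worth knowing before relying on this. The string match inspects each packet on its own, starting at --from (default 0, i.e. the IP header) up to --to, so a string split across two TCP segments, or carried inside TLS or any other encryption, is not seen; --icase makes the match case-insensitive and --hex-string accepts binary patterns. And because every packet on the three chains is scanned, a broad pattern on OUTPUT will also drop the host's own traffic, including an SSH session whose reply happens to contain the string.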
Licensed under: CC-BY-SA with attribution