Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. User
question about String
atparreno at yahoo
Aug 24, 2007, 12:50 AM
Post #1 of 2 (2222 views)
Permalink
Hello,

how do i configure that all mp3 extention will block using iptables --string value?

is this correct?

/sbin/iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 -m string --string "*.mp3"

thanks



____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
Re: question about String [ In reply to ]
mbr at cipherdyne
Aug 26, 2007, 2:05 PM
Post #2 of 2 (2122 views)
Permalink
On Aug 24, 2007, Allan Parreno wrote:

> Hello,
>
> how do i configure that all mp3 extention will block using iptables --string value?
>
> is this correct?
>
> /sbin/iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 -m string --string "*.mp3"

The string match extension does not support wildcard operators; just
strings. An equivalent rule to what you are trying to accomplish above
would be to just remove the "*" from "*.mp3". However, you may find
that this is too broad a rule and that it starts to mess with legitimate
communications since ".mp3" is not a very specific search criteria.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal