How can you filter packets by content using native Linux tools such as netfilter?


I am aware that you can use netfilter to filter out packets based on address, protocol, and other things. My question is can you use netfilter (or some other native Linux utility) that will allow you to filter packets based on content. The filtering should be done on the client side, which is running linux with root access.

For example (for purposes of this discussion), let's say I would like to DROP all incoming UDP packets that have the word "porn" in the body of the packet (assume no compression, no ssl, and we are only trying to catch packets with this word in ASCII/plain-text in body of packet). Is there a way to create a iptable, netfilter, related rule to drop these incoming UDP packets?

2

There are 2 answers

0
Jon Ander Ortiz Durántez On

You can use the iptables string module to look for a string anywhere in the packet (including the headers).

For example, to filter the example you have pointed:

    iptables -I INPUT -p udp -m string --string "porn" --algo bm -j DROP

More info about this useful module here.

0
ubercracker On

The kpcre module allows packet content filtering using regular expressions.

For example, to filter the example you have pointed:

    iptables -I INPUT -p udp -m string --string "/porn/i" --algo regex -j DROP

The string "/porn/i" denotes case insensitive "porn" string.
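Both answers match against the whole packet, so a plain `--string` rule also scans the IP and UDP headers, and the first answer's form is case-sensitive. The following script is an added example (not code from either answer) that prints rules using the stock `xt_string` options `--from`, `--icase` and `--hex-string` rather than the out-of-tree kpcre regex algorithm. It assumes IPv4 without IP options, so the UDP payload starts 28 bytes into the packet (20-byte IP header plus 8-byte UDP header); the `udp-content:` log prefix is a made-up label. The functions only print commands, so the script runs without root; pipe its output into a root shell to apply the rules.

```shell
#!/bin/sh
# Added example, not from the answers above: emit iptables string-match rules
# that inspect only the UDP payload. Assumption: IPv4 with no IP options, so
# the payload begins at byte 28 (20-byte IP header + 8-byte UDP header).
# Nothing here runs iptables; every function prints a command line.

UDP_PAYLOAD_OFFSET=28

# udp_content_rule NEEDLE [ICASE]
# DROP rule for a plain-text needle, searched from the payload offset onward.
# ICASE=1 appends --icase (case-insensitive match, supported by the string
# match revision 1 that current iptables/kernels provide).
udp_content_rule() {
    needle=$1
    icase=${2:-0}
    rule="iptables -I INPUT -p udp -m string --string \"$needle\" --algo bm --from $UDP_PAYLOAD_OFFSET"
    if [ "$icase" = 1 ]; then
        rule="$rule --icase"
    fi
    printf '%s -j DROP\n' "$rule"
}

# udp_content_hex_rule "HEX BYTES"
# Same rule via --hex-string, for needles containing bytes you cannot type
# on the command line (e.g. "70 6f 72 6e" is the ASCII for "porn").
udp_content_hex_rule() {
    printf 'iptables -I INPUT -p udp -m string --hex-string "|%s|" --algo bm --from %s -j DROP\n' \
        "$1" "$UDP_PAYLOAD_OFFSET"
}

# udp_content_log_rule NEEDLE
# LOG counterpart of the DROP rule so each dropped datagram leaves a kernel
# log line carrying the (assumed) prefix "udp-content: ".
udp_content_log_rule() {
    printf 'iptables -I INPUT -p udp -m string --string "%s" --algo bm --from %s -j LOG --log-prefix "udp-content: "\n' \
        "$1" "$UDP_PAYLOAD_OFFSET"
}

# udp_content_check NEEDLE [ICASE]
# The same DROP rule with -I swapped for -C: iptables -C exits 0 only if an
# identical rule is already present, which is how you verify it was applied.
udp_content_check() {
    udp_content_rule "$1" "${2:-0}" | sed 's/ -I INPUT / -C INPUT /'
}

# Rule set for the question's example. Because -I prepends to the chain, the
# DROP rule is printed first and the LOG rule second, so once both are applied
# LOG sits above DROP and fires before the packet is discarded.
udp_content_rule porn 1
udp_content_log_rule porn
udp_content_check porn 1
```

Two caveats a practitioner should keep in mind: `xt_string` matches within a single packet, so a word split across two datagrams (or across reassembled fragments the match never sees as one buffer) is not caught, and the `--from` offset is only right for IPv4 without options; IPv6 or options-bearing headers shift the payload start, so check with a capture before trusting the number.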