==== Block TCP/UDP packets by string content using iptables ====

On *nix we can use **iptables to block packets by their cleartext content or string**. This won't work on encrypted connections (unless you match an exact string that repeats on the encrypted connection). \\
In this example, we **block the output to a syslog UDP endpoint** that contains "closed keepalive connection":

  iptables -I OUTPUT -p udp --dport 514 -m string --string "closed keepalive connection" --algo kmp -j DROP

Repeat **-m string --string STRING --algo kmp** once for each string when you need to match multiple strings in the same packet.
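The following helper is an added example, not part of the original page: it builds the rule above for any number of strings (all of them must be present in the same packet for the rule to fire) and, in ''apply'' mode, inserts it only if an identical rule is not already loaded. The function names ''string_drop_rule'' and ''quote_arg'' are hypothetical, and the second match string in the demo call is constructed.

```shell
#!/bin/sh
# Added example: build, or idempotently insert, an OUTPUT DROP rule that fires
# only when every given string is present in the same packet payload.
# string_drop_rule and quote_arg are hypothetical helper names.

# Quote one argument so the printed command can be pasted back into a shell.
quote_arg() {
    case $1 in
        ''|*[!A-Za-z0-9_./:=-]*)
            printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")" ;;
        *) printf '%s' "$1" ;;
    esac
}

# Usage: string_drop_rule print|apply PROTO DPORT STRING [STRING...]
string_drop_rule() {
    [ "$#" -ge 4 ] || {
        echo "usage: string_drop_rule print|apply PROTO DPORT STRING..." >&2
        return 2
    }
    sdr_action=$1 sdr_proto=$2 sdr_dport=$3
    shift 3
    # Turn each STRING into its own "-m string --string STRING --algo kmp" group.
    sdr_n=$#
    while [ "$sdr_n" -gt 0 ]; do
        [ -n "$1" ] || { echo "empty match string" >&2; return 2; }
        sdr_s=$1; shift
        set -- "$@" -m string --string "$sdr_s" --algo kmp
        sdr_n=$((sdr_n - 1))
    done
    set -- OUTPUT -p "$sdr_proto" --dport "$sdr_dport" "$@" -j DROP
    case $sdr_action in
        print)
            printf 'iptables -I'
            for sdr_a in "$@"; do printf ' '; quote_arg "$sdr_a"; done
            printf '\n' ;;
        apply)
            # Needs root. -C succeeds if the identical rule already exists,
            # so repeated runs do not stack duplicate rules.
            iptables -C "$@" 2>/dev/null || iptables -I "$@" ;;
        *) echo "unknown action: $sdr_action" >&2; return 2 ;;
    esac
}

# Dry run: the page's string plus a constructed second string.
string_drop_rule print udp 514 "closed keepalive connection" "client 192.0.2.10"
```

Run it with ''print'' first to review the generated command, then switch to ''apply'' as root.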