User Tools

Site Tools


docu:csheet:net:iptables:block_packets_by_content

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
docu:csheet:net:iptables:block_packets_by_content [2021/02/02 11:03]
admin created
docu:csheet:net:iptables:block_packets_by_content [2021/02/02 11:04] (current)
admin
Line 4: Line 4:
 \\ \\
  
-In this example, we block the output to a syslog endpoint that contains "closed keepalive connection"+In this example, we **block the output to a syslog UDP endpoint** that contains "closed keepalive connection"
 <code bash> <code bash>
 iptables -I OUTPUT -p udp --dport 514 -m string --string "closed keepalive connection" --algo kmp -j DROP iptables -I OUTPUT -p udp --dport 514 -m string --string "closed keepalive connection" --algo kmp -j DROP
 </code> </code>
 +
 +Use **-m string --string STRING --algo kmp** the times you need to match multiple strings in the same packet.
docu/csheet/net/iptables/block_packets_by_content.1612263789.txt.gz · Last modified: 2021/02/02 11:03 by admin