IPtables string match for some URLs


It looks like you're trying to do something significantly more complicated than I think you want.

What you're asking for:

Block a specific string in the payload (layer 7) of a packet. This will prevent someone from sending an email or IM mentioning a string "linuxcore", or from posting comments in forums about it.

What I think you want:

Redirect packets destined for any IP address resolved by the name domain.com and destined for port 8888 to port 7777.

I'll assume what I think you want, since the former doesn't make very much sense. I am also assuming that you're not interested in matching "foo.domain.com". Remember that it's iptables, not DNS tables.

In this case, lines 1, 2 and 4 are unnecessary. And you don't want string matching. iptables is smart enough to turn names into the appropriate IP addresses and multiplex the rules as necessary. Furthermore, since you're using PREROUTING, know that this will only match packets coming into your system, not packets leaving your system (if you want to match packets leaving, you need to use OUTPUT, or alternatively have one of each).

That rule would look like this:

iptables -t nat -A PREROUTING -d domain.com -p tcp --dport 8888 -j REDIRECT --to-ports 7777 
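The rule set the answer describes, as an added example that is not part of the original answer: a POSIX shell script that expands `-d NAME` into one REDIRECT rule per resolved IPv4 address (iptables performs this resolution itself, once, when the rule is inserted, so the installed rules are only as current as DNS was at that moment) and emits a nat OUTPUT counterpart for packets the box generates locally, which PREROUTING alone never sees. The domain, ports and addresses are assumed values; `resolve_v4` needs working DNS, while `emit_redirect_rules` and `count_rules` run offline on whatever address list they are given.

```shell
#!/bin/sh
# Added example, not code from the answer: build the nat REDIRECT rules for a
# name, one per address, for both inbound and locally generated traffic.
# domain.com, 8888, 7777 and the 192.0.2.x addresses are assumed values.
set -eu

# emit_redirect_rules NAME PORT_FROM PORT_TO "IP IP ..."
# Prints one rule per address in nat/PREROUTING (packets arriving on this
# host, including forwarded ones) and nat/OUTPUT (packets this host itself
# sends), mirroring what iptables expands "-d NAME" into at insert time.
emit_redirect_rules() {
    name=$1; from=$2; to=$3; addrs=$4
    for ip in $addrs; do
        for chain in PREROUTING OUTPUT; do
            printf 'iptables -t nat -A %s -d %s -p tcp --dport %s -j REDIRECT --to-ports %s # %s\n' \
                "$chain" "$ip" "$from" "$to" "$name"
        done
    done
}

# resolve_v4 NAME: the de-duplicated IPv4 addresses NAME currently resolves
# to, space separated (getent prints one line per socket type, hence sort -u).
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u | tr '\n' ' '
}

# count_rules NAME PORT_FROM PORT_TO "IP IP ...": number of rules emitted,
# i.e. two per address (PREROUTING plus OUTPUT).
count_rules() {
    emit_redirect_rules "$@" | wc -l | tr -d ' '
}

# Live use (root and DNS required): resolve once, review the output, then
# pipe it to sh to install:
#   emit_redirect_rules domain.com 8888 7777 "$(resolve_v4 domain.com)" | sh
```

Because the addresses are frozen into the rules, re-run the script (or flush and rebuild the nat chains) whenever the name's DNS records change; the `-m string` rules from the question are not needed for the redirect at all.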

Author: linuxcore

Updated on September 18, 2022

Comments

  • linuxcore (over 1 year)

    I'm trying to write iptables string match rule to block http://example.com:8888 and https://example.com:8888 when it matches the supplied string in the rule. And another rule to redirect the ports also from 8888 to 7777.

    I tried following rules but unfortunately didn't work:

    iptables -A INPUT -p tcp -s 0.0.0.0/0 -m string --string linuxcore --algo bm --sport 8888 -j DROP
    iptables -t raw -A PREROUTING -m string --algo bm --string linuxcore -p tcp -i eth0 --dport 8888 -j DROP
    iptables -t nat -A PREROUTING -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j REDIRECT --to-port 7777
    iptables -A INPUT -t nat -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j DROP
    
    • phemmer (almost 12 years)
      You can't do a string block on https, it's encrypted.
    • linuxcore (almost 12 years)
      @Patrick What about the rule used for http?
    • Mike Pennington (almost 12 years)
      @linuxcore, you are trying to drive a nail with a screwdriver. Do not block URLs with iptables... block URLs with a proxy like privoxy or squid.