Is iptables string matching still supported?
Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...
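An added illustration of the two points above (example code, not part of the original answer or of the book): a POSIX shell snippet that builds xt_string rules for cleartext HTTP and checks, on constructed packet bytes, why the same needle never shows up in a TLS record. The port, the INPUT chain, the log prefix and the host name are assumptions.

```sh
#!/bin/sh
# Added example, not from the original answer: builds xt_string rules for
# cleartext HTTP and shows why the same needle is absent from a TLS record.
# Assumptions: port 80, a LOG rule in INPUT, and a hypothetical host name.

# Raw hex of a string, no separators (e.g. "Host" -> 486f7374).
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n\t'
}

# Same bytes in the form xt_string's --hex-string expects: |48 6f 73 74|
to_hex_string() {
    hex=$(printf '%s' "$1" | od -An -v -tx1 | tr -s '[:space:]' ' ' | sed 's/^ *//; s/ *$//')
    printf '|%s|' "$hex"
}

# Rule that logs port-80 packets whose first 600 bytes contain a literal.
# --algo bm selects Boyer-Moore; --from/--to bound the search window so the
# kernel does not scan the whole packet on every match attempt.
string_match_rule() {
    printf 'iptables -A INPUT -p tcp --dport %s -m string --algo bm --from 0 --to 600 --string "%s" -j LOG --log-prefix "HTTP-STRING: "\n' "$2" "$1"
}

# Same rule with --hex-string, useful when the needle has bytes awkward to type.
hex_match_rule() {
    printf 'iptables -A INPUT -p tcp --dport %s -m string --algo bm --from 0 --to 600 --hex-string "%s" -j LOG --log-prefix "HTTP-STRING: "\n' "$2" "$(to_hex_string "$1")"
}

# What the matcher actually sees: bytes on the wire, compared here as hex.
payload_contains() {
    case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Constructed cleartext request: the Host header is plainly visible.
HTTP_PAYLOAD_HEX=$(printf 'GET / HTTP/1.1\r\nHost: example.test\r\n\r\n' | od -An -v -tx1 | tr -d ' \n\t')

# Constructed TLS 1.2 application-data record (type 0x17, version 0x0303,
# length 0x20) followed by opaque ciphertext; the header is all a filter can parse.
TLS_RECORD_HEX='17030300209c4f1a7be3d20855a16ec037f4922d8b610e5ab743cc19e87026d59f3b84a7f1'

NEEDLE='Host: example.test'
string_match_rule "$NEEDLE" 80
hex_match_rule "$NEEDLE" 80
if payload_contains "$HTTP_PAYLOAD_HEX" "$(to_hex "$NEEDLE")"; then
    echo "cleartext HTTP: needle found, rule would match"
fi
if ! payload_contains "$TLS_RECORD_HEX" "$(to_hex "$NEEDLE")"; then
    echo "TLS record: needle absent, rule cannot match encrypted payload"
fi
```

The script only prints the rules; applying them needs root and a kernel with xt_string loaded.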
Asked by Corey, updated on September 18, 2022

Comments
-
Corey over 1 year
I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1st ed., Oct. 2007). In one of its chapters it discusses string matching using iptables. I was wondering:
- if string matching is still supported by the Linux kernel and iptables/Netfilter
- if yes, can string matching search encrypted payloads (e.g. HTTPS packets)?
I searched the net but most of the links are old, and the book itself was published in 2007.
-
ilkkachu over 6 years
I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them.
-
Stephen Kitt over 6 years
By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).