Re: iptables anti-nimda anyone?

From: Sven Michels (smichels@intradat.com)
Date: 09/21/01


Message-ID: <3BAB0701.FDF3DEC9@intradat.com>
Date: Fri, 21 Sep 2001 11:23:13 +0200
From: Sven Michels <smichels@intradat.com>
To: Konrad Michels <konrad@overnetdata.com>
Subject: Re: iptables anti-nimda anyone?

Konrad Michels wrote:
>
> Hi everyone
> I don't suppose one of our iptables gurus out there has an iptables rule
> to filter out this damn nimda thing? I'm really annoyed about it
> filling up my apache logz and would love to drop the packets 'ere they
> get to the apache server . . .
if you've patched the kernel with string match support: yes:
$IPTABLES -I INPUT -p tcp --dport 80 -m string --string .exe? -m state \
--state ESTABLISHED -j REJECT --reject-with tcp-reset
(same works with .ida for the old one)

HTH

-- 
intraDAT AG                     http://www.intradat.com
Wilhelm-Leuschner-Strasse 7         Tel: +49 69-25629-0
D - 60329 Frankfurt am Main       Fax: +49 69-25629-256
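The same ".exe?" / ".ida" markers the rule above matches on, checked against Apache access-log lines instead of packets, as an added example that is not part of the thread (log lines are constructed samples; combined log format is assumed):

```python
"""Count Nimda/Code Red style probe requests per source host in an Apache log.

Added example, not from the original mailing-list post. The log lines
below are constructed samples in Apache combined format; the request
markers (.exe? and .ida) are the ones the thread's iptables rule targets.
"""
import re
from collections import Counter

# Combined log format: host ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3})'
)

# Substrings the post filters on with -m string: ".exe?" (Nimda) and ".ida" (Code Red).
PROBE_MARKERS = (".exe?", ".ida")

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [21/Sep/2001:11:20:01 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 271 "-" "-"
10.0.0.5 - - [21/Sep/2001:11:20:02 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 271 "-" "-"
192.0.2.9 - - [21/Sep/2001:11:21:10 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
198.51.100.7 - - [21/Sep/2001:11:22:30 +0200] "GET /default.ida?XXXX HTTP/1.0" 404 271 "-" "-"
"""

def parse_line(line):
    """Return (host, request URI) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split(" ")
    uri = parts[1] if len(parts) >= 2 else parts[0]
    return m.group("host"), uri

def is_probe(uri):
    """True if the URI carries one of the worm markers (case-insensitive)."""
    u = uri.lower()
    return any(marker in u for marker in PROBE_MARKERS)

def count_probes(log_text):
    """Count probe requests per source host; hosts with no probes are omitted."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_probe(parsed[1]):
            hits[parsed[0]] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, n in sorted(count_probes(SAMPLE_LOG).items()):
        print(f"{host}: {n} probe request(s)")
```

Note that the packet-level string match only sees the bytes inside a single TCP segment, so a log-side count like this is a useful cross-check that the rule is actually catching the requests.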