Re: iptables anti-nimda anyone?

From: Sven Michels (smichels@intradat.com)
Date: 09/21/01


Message-ID: <3BAB0701.FDF3DEC9@intradat.com>
Date: Fri, 21 Sep 2001 11:23:13 +0200
From: Sven Michels <smichels@intradat.com>
To: Konrad Michels <konrad@overnetdata.com>
Subject: Re: iptables anti-nimda anyone?

Konrad Michels wrote:
>
> Hi everyone
> I don't suppose one of our iptables gurus out there has an iptables rule
> to filter out this damn nimda thing? I'm really annoyed about it
> filling up my apache logz and would love to drop the packets 'ere they
> get to the apache server . . .
if you've patched the kernel with string match support: yes:
$IPTABLES -I INPUT -p tcp --dport 80 -m string --string '.exe?' -m state \
--state ESTABLISHED -j REJECT --reject-with tcp-reset
(same works with .ida for the old one)

HTH

-- 
intraDAT AG                     http://www.intradat.com
Wilhelm-Leuschner-Strasse 7         Tel: +49 69-25629-0
D - 60329 Frankfurt am Main       Fax: +49 69-25629-256
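
Added example, not part of the original message: a Python check that applies the rule's two substrings (.exe? and .ida) to Apache access-log request lines, to show which hosts trigger it and which matching requests the server actually served and the rule would therefore also reset. The log lines are constructed, the common log format is an assumption, the function names are hypothetical, and only the request line is examined, whereas the iptables string match looks at the whole packet.

```python
import re
from collections import Counter

# Substrings from the rule above; the string match is a plain substring test.
SIGNATURES = (".exe?", ".ida")
# Assumed format: Apache common log (host ident user [time] "request" status bytes).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Sep/2001:11:02:01 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [21/Sep/2001:11:02:02 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [21/Sep/2001:11:05:40 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 271
203.0.113.5 - - [21/Sep/2001:11:06:12 +0200] "GET /downloads/setup.exe?mirror=2 HTTP/1.1" 200 48213
203.0.113.5 - - [21/Sep/2001:11:06:30 +0200] "GET /index.html HTTP/1.1" 200 1024
this line is not in access-log format
"""

def match_signature(request):
    """Return the first rule substring found in the request line, else None."""
    return next((sig for sig in SIGNATURES if sig in request), None)

def triage(log_text):
    """Count signature hits per pattern and per host; list hits the server answered 2xx."""
    by_signature, by_host = Counter(), Counter()
    served, unparsed = [], 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            unparsed += bool(line.strip())  # count malformed lines, skip blank ones
            continue
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        sig = match_signature(request)
        if sig is None:
            continue
        by_signature[sig] += 1
        by_host[host] += 1
        if 200 <= status < 300:
            # Served, not a 404 probe: a legitimate URL the rule would also reset,
            # or a request worth investigating.
            served.append((host, request))
    return {"by_signature": dict(by_signature), "by_host": dict(by_host),
            "served": served, "unparsed": unparsed}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running this over existing logs before inserting the rule shows whether any URL the site legitimately serves contains one of the substrings.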


