Hi Patrascu!
On Thu, 30 Aug 2001, Patrascu Eugeniu wrote:
>
> >
> > -j REJECT --reject-with tcp-reset ?
>
> asta il rejecteaza pe ala care vrea sa se conecteze la apache, dar
> apache-le tot ramne cu un socket deschis...
>
> > nu bag mana in foc.
>
> bine faci...
bag eu :)
iptables -I INPUT -p tcp --dport 80 -m string --string .ida -m state --state
ESTABLISHED -j REJECT --reject-with tcp-reset
netstat nu arata nici un Apache in FIN_WAIT{1,2} or anythin else.
tocmai l-am testat si merge ok.
BTW, la compilare a trebuit sa fac o mica modificare in libipt_string.c:
- 47 if (strlen(s) <= BM_MAX_LEN) strcpy(info->string, s);
+ 47 if (strlen(s) <= BM_MAX_NLEN) strcpy(info->string, s);
nu exista BM_MAX_LEN.
-- teodor
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
