For this you need a patch that knows about "string".
http://www.netfilter.org/documentation/pomlist/pom-extra.html#string

=== cut here ===
string [string.patch] [string.patch.config.in] [string.patch.configure.help] [string.patch.help] [string.patch.makefile]
Author: Emmanuel Roger <[EMAIL PROTECTED]>
Status: Working, not with kernel 2.4.9

This patch adds CONFIG_IP_NF_MATCH_STRING which allows you to match a string in a whole packet.

THIS PATCH DOES NOT WORK WITH KERNEL 2.4.9 !!!
=== and here ===

> iptables -A FORWARD -m string --string SSH-1.99 -j DROP
> iptables -A FORWARD -m string --string SSH-2 -j DROP
>
> --
> you are a pink teddy bear
>
> On Mon, 7 Jul 2003, Irimia Suleapa wrote:
>
>> ... suppose I don't know which ssh/telnet port is open on the machine
>> in question
>>
>> ----- Original Message -----
>> From: "Andrei Stanescu" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Monday, July 07, 2003 1:23 PM
>> Subject: [rlug] Re: SSH/Telnet Filters.
>>
>>
>> > iptables -I FORWARD -s 192.168.0.0/24 --dport 22,23 -j ......
>> >
>> > ----- Original Message -----
>> > From: "Irimia Suleapa" <[EMAIL PROTECTED]>
>> > To: <[EMAIL PROTECTED]>
>> > Sent: Monday, July 07, 2003 12:47 PM
>> > Subject: [rlug] SSH/Telnet Filters.
>> >
>> >
>> > > Hi.
>> > > Let's say we have the following situation:
>> > >
>> > > SERVER ------------- NAT --------------- NETWORK (192.168.0.10, 11, 12)
>> > > EXT-10.10.10.1
>> > > INT-192.168.0.1/24
>> > >
>> > > 1. How could I filter all packets coming from the network to any
>> > > destination on any open port of the ssh or telnet type?
>> > >
>> > > All the best.
>> > >

--
Sorin CONSTANTINESCU [EMAIL PROTECTED]
Linux Registered User #222086
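The patch description quoted above says the match looks for the string anywhere in the packet. The Python sketch below is an added example, not part of the thread or of the netfilter patch: it models that substring test on the two --string values from the rules and compares it with a check anchored on the SSH identification line. The function names and the sample payloads are constructed for illustration, and only the payload bytes are modelled, not the packet headers.

```python
import re

# The two --string values used in the thread's iptables rules.
RULE_STRINGS = [b"SSH-1.99", b"SSH-2"]

# SSH identification line "SSH-<protoversion>-<softwareversion>", anchored at
# the start of a line because a server may send other lines before it.
BANNER_RE = re.compile(rb"^SSH-(\d+\.\d+)-[\x21-\x7e]+", re.MULTILINE)


def string_match(payload: bytes) -> bool:
    """Model of the string match: true if a pattern occurs anywhere in the data."""
    return any(s in payload for s in RULE_STRINGS)


def banner_version(payload: bytes):
    """Return the protocol version if a line starts with an SSH banner, else None."""
    m = BANNER_RE.search(payload)
    return m.group(1).decode() if m else None


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "ssh2 banner": b"SSH-2.0-OpenSSH_3.6.1p2\r\n",
    "ssh1.99 banner": b"SSH-1.99-OpenSSH_3.4p1\n",
    "ssh1.5 banner": b"SSH-1.5-1.2.27\n",
    "http request": b"GET /docs/SSH-2.0-notes.html HTTP/1.0\r\nHost: example.org\r\n\r\n",
    "smtp greeting": b"220 mail.example.org ESMTP\r\n",
}


def compare(samples=SAMPLES):
    """Return {name: (dropped_by_string_rules, banner_version)} for each sample."""
    return {name: (string_match(p), banner_version(p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (dropped, version) in compare().items():
        print(f"{name:15} string-rule drop={dropped!s:5} banner={version}")
```

The HTTP sample is dropped by the substring rules although it is not an SSH session, and the protocol 1.5 banner is an SSH session that neither rule string covers.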
