Tom Eastep wrote:
> add_rule $chainref, q(-m string --algo kmp --from 2 --hex-string
> "|010000010000000000000000020001|" -j DROP)

I misunderstood how string match works. The following rule restricts the
match to exactly the place in the message where the tell-tale pattern
occurs:
add_rule $chainref, q(-m string --algo bm --from 29 --to 30
--hex-string "|010000010000000000000000020001|" -j DROP);
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
