Linode Forum https://forum.linode.com/

string filtering in iptables, needs new kernel? https://forum.linode.com/viewtopic.php?f=19&t=1115
Author: Crisis [ Wed Aug 25, 2004 4:58 pm ]
Post subject: string filtering in iptables, needs new kernel?
Well, I'm trying to filter based on certain strings in packets and I can't get it to work, which led me to sites suggesting I need to recompile my kernel with a few options (netfilter etc.). My main question then is more along the lines of how you do this on a Linode. I have compiled countless kernels from scratch, but I do not know what would be needed on the Linode. I have not messed with my kernel, and I think you guys use some special kernels; I wouldn't want to disable anything important. The distro is Gentoo, so how would I go about building a kernel for this box with netfilter? Or maybe someone knows how I can do this without recompiling the kernel? Thanks!

Author: adamgent [ Wed Aug 25, 2004 5:19 pm ]
On Linode you cannot run your own kernel.
Adam

Author: caker [ Wed Aug 25, 2004 5:21 pm ]
Most, if not ALL, of the netfilter options are enabled inside the kernel config, except for those labelled experimental. http://www.linode.com/forums/viewtopic.php?t=1006 Can you tell me which .config options you need specifically?
-Chris

Author: Crisis [ Thu Aug 26, 2004 8:34 am ]
Hmm, I did a bit of research and it looks like netfilter has patches for the kernel source that you need to patch in for some of these options. Specifically it is CONFIG_IP_NF_MATCH_STRING, which allows you to match a string in a whole packet. Referenced at: http://www.knowplace.org/netfilter/ipt_compile.html#ip2 Not sure if this is doable with the Linode kernels, but I would really like to find a way to drop packets based on strings in their payload.

Author: SteveG [ Thu Aug 26, 2004 6:12 pm ]
Crisis wrote: ...I would really like to find a way to drop packets based on strings in their payload.
No, you wouldn't. It's unreliable, because it only looks at one packet at a time, and there's no guarantee that the dangerous string "foobar" won't be split across two packets. It can happen accidentally, and the cracker can force it. What you want is a proxy firewall, where you can look at the actual data stream and parse it properly.

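The split-across-packets problem SteveG describes can be shown concretely. The following is an added example, not code from the thread or from netfilter: it compares a naive per-packet matcher (what a packet-at-a-time string rule does) with a minimal TCP stream reassembler that scans the reassembled byte stream and keeps a small tail so a match straddling two segments is still found. The "packets" are constructed Python dicts with a sequence number and payload, ISN is an arbitrary starting sequence number, and PATTERN is a placeholder signature standing in for whatever string a rule would look for.

```python
"""
Added example (not from the forum thread): per-packet string matching
misses a signature that is split across segments; reassembling the stream
first, as a proxy does, does not.

All inputs here are constructed for illustration. The "packets" are plain
dicts, not real captures, and PATTERN is a placeholder signature.
"""

PATTERN = b"foobar"  # placeholder signature (assumption, not a real rule)


def per_packet_match(packets, pattern=PATTERN):
    """Naive matcher: inspects each payload in isolation, the way a
    packet-at-a-time filter would. True if any single payload contains
    the pattern."""
    return any(pattern in pkt["payload"] for pkt in packets)


class StreamReassembler:
    """Minimal one-direction TCP reassembler keyed on sequence numbers.

    Segments may arrive out of order; they are buffered until the byte at
    the next expected sequence number is available. Scanning runs over
    the contiguous stream and keeps the last len(pattern)-1 delivered
    bytes, so a pattern that straddles two segments is still seen.
    """

    def __init__(self, isn, pattern=PATTERN):
        self.next_seq = isn
        self.pattern = pattern
        self.pending = {}       # seq -> payload, for not-yet-deliverable segments
        self.tail = b""         # last len(pattern)-1 bytes already delivered
        self.delivered = b""    # reassembled stream, for inspection
        self.matched = False

    def feed(self, seq, payload):
        """Accept one segment; deliver every segment that is now in order."""
        self.pending[seq] = payload
        while self.next_seq in self.pending:
            data = self.pending.pop(self.next_seq)
            self._scan(data)
            self.delivered += data
            self.next_seq += len(data)
        return self.matched

    def _scan(self, data):
        window = self.tail + data
        if self.pattern in window:
            self.matched = True
        keep = len(self.pattern) - 1
        self.tail = window[-keep:] if keep > 0 else b""


def stream_match(packets, isn, pattern=PATTERN):
    """Reassemble a list of {'seq': int, 'payload': bytes} segments (any
    order) and report whether the pattern appears in the resulting stream."""
    r = StreamReassembler(isn, pattern)
    for pkt in packets:
        r.feed(pkt["seq"], pkt["payload"])
    return r.matched


# Constructed sample streams; ISN is an arbitrary initial sequence number.
ISN = 1000
# Signature entirely inside one segment: both approaches catch it.
INTACT = [
    {"seq": ISN, "payload": b"GET /?q=foobar HTTP/1.0\r\n"},
]
# Same bytes, but the sender's segmentation puts "foo" and "bar" in
# different packets. Per-packet inspection sees neither half as a match.
SPLIT = [
    {"seq": ISN, "payload": b"GET /?q=foo"},            # 11 bytes
    {"seq": ISN + 11, "payload": b"bar HTTP/1.0\r\n"},
]
# Same split, delivered out of order; the reassembler holds the later
# segment until the gap is filled.
SPLIT_REORDERED = [SPLIT[1], SPLIT[0]]


if __name__ == "__main__":
    for name, pkts in [("intact", INTACT), ("split", SPLIT),
                       ("reordered", SPLIT_REORDERED)]:
        print(f"{name:10s} per-packet={per_packet_match(pkts)!s:5s} "
              f"stream={stream_match(pkts, ISN)}")
```

Running it shows the per-packet matcher reporting a hit only for the intact stream, while the reassembling matcher reports a hit for all three. The reassembler is deliberately minimal (one direction, no retransmission or overlap handling, no window limits); a real proxy or stream-aware inspection engine has to deal with those as well, which is the "parse it properly" part of the advice above.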
Author: Crisis [ Fri Aug 27, 2004 8:27 am ]
Well, for now I achieved what I was trying to do at the application layer, but what would you recommend for a proxy firewall?

Author: SteveG [ Sun Aug 29, 2004 10:19 am ]
Hmmm, I'm not sure there are any free proxy firewalls that can reject based on the contents of the data stream. Probably you can write add-ins for SOCKS to do it. But if you've solved your problem at the application layer, then you're done: proxy firewalls *are* at the application layer.

Author: Crisis [ Mon Aug 30, 2004 10:03 am ]
OK, thanks for the response. I figured the application layer would be the easiest to do it on, but I thought it might be interesting to learn how to do it a bit lower, with a firewall.

All times are UTC-04:00