[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

Always Learning centos at u61.u22.net
Wed Aug 31 16:32:33 UTC 2011


On Wed, 2011-08-31 at 09:11 -0700, John R Pierce wrote:

> iptables will filter on packet headers and such at layer 3, it can't
> and won't analyze the content of packets, regardless of your emotional
> attachments.

I believe IP Tables '-m string' will. If you think the custodians and
maintainers of IP Tables are making untrue claims, you may wish to
acquaint them with your disbelief. However it might be prudent for you
to read the following before telling the IP Tables folks they are wrong.


http://www.netfilter.org/ Net Filter : The Home of IP Tables

http://ipset.netfilter.org/iptables.man.html The IP Tables Manual

http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html Frozentux : Detailed Technical Explanation of TCP/UDP and IP Tables (2006)

http://wiki.archlinux.org/index.php/Simple_stateful_firewall_HOWTO Arch Linux : How To

http://wiki.centos.org/HowTos/Network/IPTables Centos How-To : IP Tables

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-iptables.html Centos Deployment Guide : Section 43.9


> I said precisely.  computers don't understand 'deliberate' vs 'typing 
> error', those are subjective measures.

Wrong. Some can be determined by machine searching for 'known' invalid
URL strings which are not remotely similar to valid web page names.
Obviously this is site dependent. For example which accidentally typed
URL contains login.php or password.php when nothing like those names is
used in valid web page names?





-- 
With best regards,

Paul.
England,
EU.
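
The check described in the message above (requests for page names that no valid page on the site uses), as an added example that is not part of the original post. It assumes a combined-format web access log; the log lines are constructed, the function names are hypothetical, and the iptables rules are only printed, not applied.

```shell
#!/bin/sh
# Added example. Names that no valid page on this hypothetical site uses;
# the two names are the ones given in the message above.
BAD_NAMES='login.php password.php'

# Constructed sample access log (combined format, documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [31/Aug/2011:16:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [31/Aug/2011:16:01:05 +0000] "GET /login.php HTTP/1.1" 404 210
198.51.100.7 - - [31/Aug/2011:16:01:06 +0000] "GET /admin/password.php?u=1 HTTP/1.1" 404 210
192.0.2.10 - - [31/Aug/2011:16:02:00 +0000] "GET /abuot.html HTTP/1.1" 404 210
203.0.113.5 - - [31/Aug/2011:16:03:00 +0000] "GET /Login.PHP HTTP/1.0" 404 210
EOF
}

# Read access-log lines on stdin; print "client-ip hits" for every client
# that requested a page whose file name is in BAD_NAMES. A mistyped name
# such as /abuot.html is a 404 too, but it is not on the list, so it is
# not counted.
probing_clients() {
    awk -v names="$BAD_NAMES" '
    BEGIN { n = split(names, bad, " ") }
    {
        base = $7                      # request path
        sub(/\?.*$/, "", base)         # drop the query string
        sub(/^.*\//, "", base)         # keep the last path component
        base = tolower(base)
        for (i = 1; i <= n; i++)
            if (base == bad[i]) { hits[$1]++; break }
    }
    END { for (ip in hits) print ip, hits[ip] }' | sort
}

# Print (do not run) the equivalent iptables string-match rules. They need
# the kernel xt_string module, see only plaintext HTTP, and match the bytes
# anywhere in a single packet, so they are coarser than the log check.
string_rules() {
    for name in $BAD_NAMES; do
        printf 'iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "%s" -j DROP\n' "$name"
    done
}

sample_log | probing_clients
string_rules
```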




