Date: Thu, 10 Nov 2005 10:09:22 -0200 From: "Pedro Paulo de Magalhaes Oliveira Junior" <ppj@netfilter.com.br> To: <freebsd-ipfw@freebsd.org> Subject: RE: String Match (Cesar) Message-ID: <000001c5e5ef$97247320$2d00a8c0@MICROPPJ> In-Reply-To: <20051110120050.3A6FB16A428@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
IMHO this is the main disadvantage of FreeBSD and IPFW. Sure Linux has a better support on string match for IPS. ---------------------------------------------------------------------- Message: 1 Date: Wed, 9 Nov 2005 11:52:35 -0300 From: "Cesar" <listas@itm.net.br> Subject: String Match To: <freebsd-ipfw@freebsd.org> Message-ID: <002b01c5e53d$38c99d30$f2faa8c0@ironman> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original An interesting thing in iptables is that option to match strings, like this example: iptables -A FORWARD -p TCP -m string --string "BitTorrent protocol" -j REJECT --reject-with tcp-reset iptables -A FORWARD -p TCP -m string --string "GET /announce" -j REJECT --reject-with tcp-reset Did anyone wrote a similar patch to ipfw? or ... Is this something desirable to ipfw which the developers will put in the future? Thanks ------------------------------ -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.8/163 - Release Date: 8/11/2005
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000001c5e5ef$97247320$2d00a8c0>