Date: Thu, 10 Nov 2005 20:23:31 +0100
From: Max Laier <max@love2party.net>
To: freebsd-ipfw@freebsd.org
Cc: Cesar <listas@itm.net.br>
Subject: Re: String Match
Message-ID: <200511102023.43495.max@love2party.net>
In-Reply-To: <002b01c5e53d$38c99d30$f2faa8c0@ironman>
References: <002b01c5e53d$38c99d30$f2faa8c0@ironman>

On Wednesday 09 November 2005 15:52, Cesar wrote:
> An interesting thing in iptables is that option to match strings, like this
> example:
>
> iptables -A FORWARD -p TCP -m string --string "BitTorrent protocol" -j REJECT --reject-with tcp-reset
> iptables -A FORWARD -p TCP -m string --string "GET /announce" -j REJECT --reject-with tcp-reset
>
> Did anyone write a similar patch to ipfw? or ... Is this something
> desirable to ipfw which the developers will put in the future?

As Oliver pointed out, this is not a good idea.  If you still want to do it,
why don't you hook a filter into a divert socket?  It's certainly *not* a
good idea to bloat IPFW (or any other general purpose packet filter) with a
generally useless feature like this - if you think you need something special
you can either do it in the userland (via divert or bpf) or you could just do
an independent pfil(9) consumer module, finally there is netgraph.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
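
The divert-socket route suggested in the message above, as an added example that is not part of the original e-mail and not FreeBSD project code: a userland filter that reads packets from a divert(4) socket and reinjects only those whose TCP payload lacks a given string. The port number, the ipfw rule and all function names are assumptions; matching is per packet only, and a matching packet is silently dropped rather than answered with a reset.

```c
/* Added example; assumed rule (port is arbitrary): ipfw add divert 7000 tcp from any to any */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* 1 if the TCP payload of a raw IPv4 packet contains needle, else 0.
 * Header lengths come off the wire, so each is bounds-checked before use. */
int tcp_payload_contains(const uint8_t *pkt, size_t len, const char *needle)
{
    size_t nlen = strlen(needle), ihl, doff, i;
    if (nlen == 0 || len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != IPPROTO_TCP)
        return 0;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;           /* IP header length */
    if (ihl < 20 || len < ihl + 20) return 0;
    if ((pkt[6] & 0x1f) || pkt[7]) return 0;     /* later fragment: no TCP header */
    doff = (size_t)(pkt[ihl + 12] >> 4) * 4;     /* TCP header length */
    if (doff < 20 || len < ihl + doff) return 0;
    for (i = ihl + doff; i + nlen <= len; i++)
        if (memcmp(pkt + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Constructed sample: minimal IPv4 + TCP headers followed by payload. */
size_t build_sample(uint8_t *out, const char *payload)
{
    memset(out, 0, 40);
    out[0] = 0x45; out[9] = IPPROTO_TCP; out[32] = 0x50;   /* ihl = 5, doff = 5 */
    memcpy(out + 40, payload, strlen(payload));
    return 40 + strlen(payload);
}

#ifdef IPPROTO_DIVERT   /* FreeBSD only */
/* Reinject diverted packets that do not match; matching ones are dropped. */
int divert_filter(uint16_t port, const char *needle)
{
    static uint8_t buf[65535];
    struct sockaddr_in from, sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t fl; ssize_t n;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) return -1;
    while (fl = sizeof from,
           (n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl)) >= 0)
        if (!tcp_payload_contains(buf, (size_t)n, needle))
            sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
    close(s); return -1;
}
int main(void) { return divert_filter(7000, "BitTorrent protocol") < 0; }
#endif
```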