[Firewall] Possible to Block POST Attacks by User Agent String?
lists at aewne.net
Fri Sep 13 11:30:21 CEST 2013
On 13.09.2013 10:17, Wijatmoko U. Prayitno wrote:
> On Fri, 13 Sep 2013 08:10:28 +0200
> Alex Aune <lists at aewne.net> wrote:
>> the moment, but I've used something similar for
>> filtering torrents based on their headers before. That
> what string do you use to block torrent? i'm considered to
> block torrent traffic since it consume a lot bandwidth.
I use a combination of these two:
iptables -t raw -A PREROUTING -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j CONNMARK --set-mark
iptables -t mangle -A PREROUTING -m ipp2p --bit -j CONNMARK --set-mark
(I use the connmark targets to route this traffic over a different
Mind you, the only reason I still run with this ruleset is because I
haven't had time to set up proper layer 7 filtering.
See these links for more info:
Also, Gentoo has a working ebuild for the userspace tools.
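Added example, not code from the post or its author: Python that decodes the --hex-string pattern from the rule above (it is the plaintext BitTorrent peer-wire handshake), matches it the way xt_string does (a byte-level substring search on one packet at a time), and parses the handshake so the info_hash can be logged. The handshake parser and the sample payloads are constructed assumptions.

```python
# Added example, not from the post: emulate the xt_string "--hex-string" match
# from the rule above and parse the BitTorrent handshake it fires on.

# Pattern copied from the iptables rule: bytes between "|" are hex, text outside
# the pipes is taken literally (the xt_string --hex-string syntax).
TORRENT_HEX_STRING = "|13426974546f7272656e742070726f746f636f6c|"

def decode_hex_string(pattern: str) -> bytes:
    """Turn an iptables --hex-string pattern into the raw bytes it matches."""
    if pattern.count("|") % 2:
        raise ValueError("unbalanced '|' in hex-string pattern")
    out = bytearray()
    for i, chunk in enumerate(pattern.split("|")):
        if i % 2:                       # odd chunks sit between pipes: hex
            out += bytes.fromhex(chunk.replace(" ", ""))
        else:                           # even chunks are literal text
            out += chunk.encode("latin-1")
    return bytes(out)

def matches_rule(payload: bytes, pattern: str = TORRENT_HEX_STRING,
                 to_offset: int = 65535) -> bool:
    """xt_string does a plain substring search in the packet bytes [from, to].
    It sees one packet at a time, so a handshake split across TCP segments
    can slip past, as can MSE-obfuscated peers that never send this plaintext."""
    return decode_hex_string(pattern) in payload[:to_offset]

def parse_handshake(payload: bytes):
    """Parse a peer-wire handshake:
    <pstrlen=19><"BitTorrent protocol"><8 reserved><20 info_hash><20 peer_id>.
    Returns a dict, or None if the payload is not a complete handshake."""
    if not payload or payload[0] != 19:
        return None
    if payload[1:20] != b"BitTorrent protocol" or len(payload) < 68:
        return None
    return {
        "reserved": payload[20:28],
        "info_hash": payload[28:48].hex(),   # torrent identifier, useful for logging
        "peer_id": payload[48:68],
    }

# Constructed sample payloads (assumptions, not captured traffic).
SAMPLE_HANDSHAKE = (bytes([19]) + b"BitTorrent protocol" + bytes(8)
                    + bytes(range(20)) + b"-TR2940-" + b"A" * 12)
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    print(decode_hex_string(TORRENT_HEX_STRING))       # b'\x13BitTorrent protocol'
    print(matches_rule(SAMPLE_HANDSHAKE), matches_rule(SAMPLE_HTTP))
    print(parse_handshake(SAMPLE_HANDSHAKE))
```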