[Firewall] Possible to Block POST Attacks by User Agent String?

Alex Aune lists at aewne.net
Mon Sep 16 19:01:15 CEST 2013


On 13.09.2013 20:18, Lonnie Abelbeck wrote:
> Hi Alex and Gene,
> 
> First, Thanks to Alex for the useful suggestion.  Alex, may I ask why
> you are using the 'raw' PREROUTING table to drop the packets ?  Would
> some say only NOTRACK is a proper target in that table ?  I'd be
> interested in your comments.
> 
> You might also look into adding a "--to offset" value to limit the
> depth of the search in the packet to make the string matching more
> efficient.
> 
> Lonnie

Hi Lonnie,

It's just based on some suggestions I found on the web ages ago. After 
doing some reading on what the raw table is for, I agree that it doesn't 
make much sense to put those rules there. Also, thanks for pointing out 
the --to option. I'll have to expirement a bit with this.

Alex


More information about the Firewall mailing list