[Firewall] Possible to Block POST Attacks by User Agent String?
lists at aewne.net
Mon Sep 16 19:01:15 CEST 2013
On 13.09.2013 20:18, Lonnie Abelbeck wrote:
> Hi Alex and Gene,
> First, Thanks to Alex for the useful suggestion. Alex, may I ask why
> you are using the 'raw' PREROUTING table to drop the packets ? Would
> some say only NOTRACK is a proper target in that table ? I'd be
> interested in your comments.
> You might also look into adding a "--to offset" value to limit the
> depth of the search in the packet to make the string matching more
It's just based on some suggestions I found on the web ages ago. After
doing some reading on what the raw table is for, I agree that it doesn't
make much sense to put those rules there. Also, thanks for pointing out
the --to option. I'll have to expirement a bit with this.
More information about the Firewall