Is iptables string matching still supported?
I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1st Ed., Oct. 2007). In one of its chapters it discusses string matching using iptables. I was wondering:
- if string matching is still supported by the Linux kernel and iptables/Netfilter, and
- if yes, can string matching search encrypted payloads (e.g. HTTPS packets)?
I searched the net but most of the links are old, and the book itself was published in 2007.
linux-kernel iptables netfilter
asked Nov 14 '17 at 13:38 by Corey; edited Feb 28 '18 at 19:18 by U880D
I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them.
– ilkkachu, Nov 14 '17 at 13:42
1 Answer
Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...
answered Nov 14 '17 at 13:53 by Stephen Kitt
Thank you, Stephen. Would you tell more about the filtering layer?
– Corey, Nov 15 '17 at 16:10
By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).
– Stephen Kitt, Nov 15 '17 at 19:04
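An added model of what the answer says, not code from the question, the answer or the iptables project: it imitates the plain substring search the string match performs over packet bytes and shows the same request matching when sent in clear but not once it sits inside an encrypted TLS record (the cipher is a toy, and the key and sample request are constructed). The LOG rule quoted in the demo docstring is an assumed defender's logging rule, not one from the page.

```python
"""Toy model of what iptables' -m string can and cannot see (added example).
xt_string does a plain substring search (--algo bm or kmp) over raw packet bytes
between --from and --to; bytes.find() stands in for it here. Encryption is a toy
SHA-256 counter-mode stream cipher standing in for TLS record protection. Neither
is the kernel's or a TLS library's real code."""
import hashlib
from typing import Optional

def string_match(packet: bytes, pattern: bytes,
                 from_off: int = 0, to_off: Optional[int] = None) -> bool:
    """Simplified -m string --string PATTERN --from N --to M:
    True if PATTERN lies entirely inside packet[from_off:to_off]."""
    return packet[from_off:to_off].find(pattern) != -1

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with SHA-256(key || counter) keystream blocks. Only shows that
    plaintext substrings do not survive encryption; not a real AEAD."""
    out = bytearray()
    for block, i in enumerate(range(0, len(plaintext), 32)):
        keystream = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[i:i + 32], keystream))
    return bytes(out)

# Constructed sample request as it would travel in clear on port 80.
HTTP_PAYLOAD = b"GET /admin/config.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
# Constructed key; with TLS it is negotiated per session and the firewall never has it.
SESSION_KEY = b"constructed-session-key-not-real"

def tls_app_data_record(plaintext: bytes) -> bytes:
    """Wrap plaintext like a TLS 1.2 application-data record: the 5-byte header
    (type 0x17, version 0x0303, length) stays in clear, the body is encrypted."""
    body = toy_encrypt(SESSION_KEY, plaintext)
    return b"\x17\x03\x03" + len(body).to_bytes(2, "big") + body

def demo(pattern: bytes = b"/admin/") -> dict:
    """What a logging rule such as
    iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "/admin/" -j LOG
    sees for the same request sent in clear versus inside a TLS record."""
    https_record = tls_app_data_record(HTTP_PAYLOAD)
    return {
        "http_matches": string_match(HTTP_PAYLOAD, pattern),
        "https_matches": string_match(https_record, pattern),
        # Record header bytes are not encrypted, so a rule can still match them.
        "https_header_matches": string_match(https_record, b"\x17\x03\x03", to_off=5),
        # A --from/--to window that excludes the pattern misses even on plaintext.
        "http_window_miss": string_match(HTTP_PAYLOAD, pattern, to_off=5),
    }
```

The only bytes of an HTTPS record that a string rule can still key on are the unencrypted framing fields, which is why the answer's "no" holds for the payload itself.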