Is iptables string matching still supported? The 2019 Stack Overflow Developer Survey Results Are Inincoming ACCEPT all iptables rule still appearingstring matching not working in iptablesIPtables installation questionunderstand chains and tables in netfilter/iptablesIptables packet src ip not NATed in case of icmp reply and tcp ackiptables ERROR targetOUTPUT chain rules in iptablesiptable string matching to find application type / application layer protocoHow --set-mark option works on Netfilter (IPTABLES)?iptables blocking local traffic

Apparent duplicates between Haynes service instructions and MOT

Is this app Icon Browser Safe/Legit?

Is flight data recorder erased after every flight?

Why did Acorn's A3000 have red function keys?

Why not take a picture of a closer black hole?

FPGA - DIY Programming

Geography at the pixel level

Can you compress metal and what would be the consequences?

Am I thawing this London Broil safely?

Protecting Dualbooting Windows from dangerous code (like rm -rf)

Can a rogue use sneak attack with weapons that have the thrown property even if they are not thrown?

Can we generate random numbers using irrational numbers like π and e?

What is the accessibility of a package's `Private` context variables?

Why do UK politicians seemingly ignore opinion polls on Brexit?

For what reasons would an animal species NOT cross a *horizontal* land bridge?

Can one be advised by a professor who is very far away?

Loose spokes after only a few rides

Did 3000BC Egyptians use meteoric iron weapons?

Is an up-to-date browser secure on an out-of-date OS?

Why do we hear so much about the Trump administration deciding to impose and then remove tariffs?

Who coined the term "madman theory"?

What tool would a Roman-age civilization have for the breaking of silver and other metals into dust?

Delete all lines which don't have n characters before delimiter

Why is the Constellation's nose gear so long?



Is iptables string matching still supported?



The 2019 Stack Overflow Developer Survey Results Are Inincoming ACCEPT all iptables rule still appearingstring matching not working in iptablesIPtables installation questionunderstand chains and tables in netfilter/iptablesIptables packet src ip not NATed in case of icmp reply and tcp ackiptables ERROR targetOUTPUT chain rules in iptablesiptable string matching to find application type / application layer protocoHow --set-mark option works on Netfilter (IPTABLES)?iptables blocking local traffic



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question



















  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42

















2















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question



















  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42













2












2








2








I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question
















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter




linux-kernel iptables netfilter






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 28 '18 at 19:18









U880D

417516




417516










asked Nov 14 '17 at 13:38









CoreyCorey

183




183







  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42












  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42







1




1





I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

– ilkkachu
Nov 14 '17 at 13:42





I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

– ilkkachu
Nov 14 '17 at 13:42










1 Answer
1






active

oldest

votes


















4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404482%2fis-iptables-string-matching-still-supported%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04















4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04













4












4








4







Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer













Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 14 '17 at 13:53









Stephen KittStephen Kitt

181k25414492




181k25414492












  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04

















  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04
















Thank you, Stephen would tell more about filtering layer?

– Corey
Nov 15 '17 at 16:10





Thank you, Stephen would tell more about filtering layer?

– Corey
Nov 15 '17 at 16:10













By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

– Stephen Kitt
Nov 15 '17 at 19:04





By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

– Stephen Kitt
Nov 15 '17 at 19:04

















draft saved

draft discarded
















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404482%2fis-iptables-string-matching-still-supported%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-iptables, linux-kernel, netfilter
-

Popular posts from this blog

Creating 100m^2 grid automatically using QGIS?Creating grid constrained within polygon in QGIS?Createing polygon layer from point data using QGIS?Creating vector grid using QGIS?Creating grid polygons from coordinates using R or PythonCreating grid from spatio temporal point data?Creating fields in attributes table using other layers using QGISCreate .shp vector grid in QGISQGIS Creating 4km point grid within polygonsCreate a vector grid over a raster layerVector Grid Creates just one grid

Image
Pattern match does not work in bash script Mage Armor with Defense fighting style (for Adventurers League bladeslinger) LaTeX closing $ signs makes cursor jump String Manipulation Interpreter Can divisibility rules for digits be generalized to sum of digits I'm planning on buying a laser printer but concerned about the life cycle of toner in the machine What is the offset in a seaplane's hull? How can I make my BBEG immortal short of making them a Lich or Vampire? What are the differences between the usage of 'it' and 'they'? The use of multiple foreign keys on same column in SQL Server How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy? Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws) Why Is Death Allowed In the Matrix? Minkowski space Why are 150k or 200k jobs considered good when there are 300k+ births a month? Why do f...
Read more

Nikolai Prilezhaev Bibliography References External links Navigation menuEarly Russian Organic Chemists and Their Legacy092774english translationRussian Biography

19th-century chemists20th-century chemists1877 births1944 deathsRussian chemists RussianO.S.KopossevoNizhny NovgorodMoscoworganic chemistPrilezhaev ReactionepoxidesalkenesperoxyacidsUniversity of WarsawYegor Yegorovich VagnerGeorg WagnerSt. PetersburgPolytechnic in KievUniversity of MinskBelarusian Academy of SciencesAlexei Nikolaevich Bachname reactionSoviet Academy of Sciences Nikolai Alexandrovich Prilezhaev , Russian: Николай Александрович Прилежаев , (Born 15 [O.S. 1877] 27 [1] in Kopossevo near Nizhny Novgorod, died May 26, 1944 in Moscow) was a Russian organic chemist. The Prilezhaev Reaction between epoxides and alkenes to form peroxyacids is named after him. Prilezhaev was the son of a clergyman and studied chemistry at the Theological Seminary in Warsaw (graduated in 1895) and then at the Univ...
Read more

How to link a C library to an Assembly library on Mac with clangHow do you set, clear, and toggle a single bit?Find (and kill) process locking port 3000 on MacWho is listening on a given TCP port on Mac OS X?How to start PostgreSQL server on Mac OS X?Compile assembler in nasm on mac osHow do I install pip on macOS or OS X?AFNetworking 2.0 “_NSURLSessionTransferSizeUnknown” linking error on Mac OS X 10.8C++ code for testing the Collatz conjecture faster than hand-written assembly - why?How to link a NASM code and GCC in Mac OS X?How to run x86 .asm on macOS Sierra

Image
Is there enough fresh water in the world to eradicate the drinking water crisis? What is the term when two people sing in harmony, but they aren't singing the same notes? Is there a problem with hiding "forgot password" until it's needed? Why does this part of the Space Shuttle launch pad seem to be floating in air? Hostile work environment after whistle-blowing on coworker and our boss. What do I do? How to prevent YouTube from showing already watched videos? Is there an Impartial Brexit Deal comparison site? Would it be legal for a US State to ban exports of a natural resource? Can somebody explain Brexit in a few child-proof sentences? Latex for-and in equation Is a naturally all "male" species possible? Is there an wasy way to program in Tikz something like the one in the image? How to deal with or prevent idle in the test team? node command while defining a coordinate in TikZ Simulating a probability of 1 of 2^N with less tha...
Read more