Is iptables string matching still supported? The 2019 Stack Overflow Developer Survey Results Are Inincoming ACCEPT all iptables rule still appearingstring matching not working in iptablesIPtables installation questionunderstand chains and tables in netfilter/iptablesIptables packet src ip not NATed in case of icmp reply and tcp ackiptables ERROR targetOUTPUT chain rules in iptablesiptable string matching to find application type / application layer protocoHow --set-mark option works on Netfilter (IPTABLES)?iptables blocking local traffic

Apparent duplicates between Haynes service instructions and MOT

Is this app Icon Browser Safe/Legit?

Is flight data recorder erased after every flight?

Why did Acorn's A3000 have red function keys?

Why not take a picture of a closer black hole?

FPGA - DIY Programming

Geography at the pixel level

Can you compress metal and what would be the consequences?

Am I thawing this London Broil safely?

Protecting Dualbooting Windows from dangerous code (like rm -rf)

Can a rogue use sneak attack with weapons that have the thrown property even if they are not thrown?

Can we generate random numbers using irrational numbers like π and e?

What is the accessibility of a package's `Private` context variables?

Why do UK politicians seemingly ignore opinion polls on Brexit?

For what reasons would an animal species NOT cross a *horizontal* land bridge?

Can one be advised by a professor who is very far away?

Loose spokes after only a few rides

Did 3000BC Egyptians use meteoric iron weapons?

Is an up-to-date browser secure on an out-of-date OS?

Why do we hear so much about the Trump administration deciding to impose and then remove tariffs?

Who coined the term "madman theory"?

What tool would a Roman-age civilization have for the breaking of silver and other metals into dust?

Delete all lines which don't have n characters before delimiter

Why is the Constellation's nose gear so long?



Is iptables string matching still supported?



The 2019 Stack Overflow Developer Survey Results Are Inincoming ACCEPT all iptables rule still appearingstring matching not working in iptablesIPtables installation questionunderstand chains and tables in netfilter/iptablesIptables packet src ip not NATed in case of icmp reply and tcp ackiptables ERROR targetOUTPUT chain rules in iptablesiptable string matching to find application type / application layer protocoHow --set-mark option works on Netfilter (IPTABLES)?iptables blocking local traffic



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question



















  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42

















2















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question



















  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42













2












2








2








I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter







share|improve this question
















I was reading the book Linux Firewalls - Attack Detection and Response (by M. Rash, No Starch Press, 1 Ed., Oct. 2007). In one of its chapter it discusses string matching using iptables. I was wondering:



  • if string matching is still supported by Linux kernel and
    iptables/Netfilter

  • if yes, can string matching search the encrypted payloads (e.g. HTTPS packets)?

I searched the net but most of the links are old, and the book itself is published in 2007.






linux-kernel iptables netfilter




linux-kernel iptables netfilter






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 28 '18 at 19:18









U880D

417516




417516










asked Nov 14 '17 at 13:38









CoreyCorey

183




183







  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42












  • 1





    I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

    – ilkkachu
    Nov 14 '17 at 13:42







1




1





I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

– ilkkachu
Nov 14 '17 at 13:42





I very much suspect that whatever it is you're doing, your iptables modules don't have the keys to any encrypted contents within the packets passing through them

– ilkkachu
Nov 14 '17 at 13:42










1 Answer
1






active

oldest

votes


















4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404482%2fis-iptables-string-matching-still-supported%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04















4














Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer























  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04













4












4








4







Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...






share|improve this answer













Yes, the string extension is still supported (see also your local man iptables-extensions documentation). No, you can’t match against encrypted payloads — they’re still encrypted in the filtering layer...







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 14 '17 at 13:53









Stephen KittStephen Kitt

181k25414492




181k25414492












  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04

















  • Thank you, Stephen would tell more about filtering layer?

    – Corey
    Nov 15 '17 at 16:10











  • By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

    – Stephen Kitt
    Nov 15 '17 at 19:04
















Thank you, Stephen would tell more about filtering layer?

– Corey
Nov 15 '17 at 16:10





Thank you, Stephen would tell more about filtering layer?

– Corey
Nov 15 '17 at 16:10













By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

– Stephen Kitt
Nov 15 '17 at 19:04





By “filtering layer” I just meant the part of the kernel which handles packet filtering (iptables etc.).

– Stephen Kitt
Nov 15 '17 at 19:04

















draft saved

draft discarded
















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404482%2fis-iptables-string-matching-still-supported%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-iptables, linux-kernel, netfilter
-

Popular posts from this blog

Mobil Contents History Mobil brands Former Mobil brands Lukoil transaction Mobil UK Mobil Australia Mobil New Zealand Mobil Greece Mobil in Japan Mobil in Canada Mobil Egypt See also References External links Navigation menuwww.mobil.com"Mobil Corporation"the original"Our Houston campus""Business & Finance: Socony-Vacuum Corp.""Popular Mechanics""Lubrite Technologies""Exxon Mobil campus 'clearly happening'""Toledo Blade - Google News Archive Search""The Lion and the Moose - How 2 Executives Pulled off the Biggest Merger Ever""ExxonMobil Press Release""Lubricants""Archived copy"the original"Mobil 1™ and Mobil Super™ motor oil and synthetic motor oil - Mobil™ Motor Oils""Mobil Delvac""Mobil Industrial website""The State of Competition in Gasoline Marketing: The Effects of Refiner Operations at Retail""Mobil Travel Guide to become Forbes Travel Guide""Hotel Rankings: Forbes Merges with Mobil"the original"Jamieson oil industry history""Mobil news""Caltex pumps for control""Watchdog blocks Caltex bid""Exxon Mobil sells service station network""Mobil Oil New Zealand Limited is New Zealand's oldest oil company, with predecessor companies having first established a presence in the country in 1896""ExxonMobil subsidiaries have a business history in New Zealand stretching back more than 120 years. We are involved in petroleum refining and distribution and the marketing of fuels, lubricants and chemical products""Archived copy"the original"Exxon Mobil to Sell Its Japanese Arm for $3.9 Billion""Gas station merger will end Esso and Mobil's long run in Japan""Esso moves to affiliate itself with PC Optimum, no longer Aeroplan, in loyalty point switch""Mobil brand of gas stations to launch in Canada after deal for 213 Loblaws-owned locations""Mobil Nears Completion of Rebranding 200 Loblaw Gas Stations""Learn about ExxonMobil's operations in Egypt""Petrol and Diesel Service Stations in Egypt - Mobil"Official websiteExxon Mobil corporate websiteMobil Industrial official websiteeeeeeeeDA04275022275790-40000 0001 0860 5061n82045453134887257134887257

Image
Aera EnergyEssoEsso AustraliaExxonExxon NeftegasHumble OilImperial OilMagnolia Petroleum CompanyMobilMobil Producing NigeriaPetronSeaRiver MaritimeSuperior Oil CompanySyncrudeVacuum Oil CompanyXTO EnergyBaton Rouge RefineryBaytown RefineryMilford HavenExxon Building (New York)Fawley RefineryImperial Oil BuildingMossmorranNanticoke Refinery2010 ExxonMobil oil spill2010 Port Arthur oil spill2013 Mayflower oil spill Exxon Valdez oil spillGreenpoint oil spillSS Atlantic Empress SS Esso Brussels Colony Shale Oil ProjectEast-Prinovozemelsky fieldGoose Creek Oil FieldKearl Oil Sands ProjectKizomba deepwater projectOrmen LangePembina oil fieldPrudhoe Bay Oil FieldSable Offshore Energy ProjectSakhalin-ITengiz FieldTern oilfieldTuapse fieldWest Qurna FieldNational OilSasolSparSpar Express759 Store7-ElevenCircle KCUDaily YamazakiFamilyMartGS25LawsonMinistopParknShopPoplarSparStorywayVanGOemartSparampmBuy the WayBP ConnectCircle K SunkusDaily StopOn the Run7-ElevenBargain BoozeBest-OneBP ConnectB
Read more

Frič See also Navigation menuinternal link

Image
SurnamesCzech-language surnames ‹ The template Infobox surname is being considered for merging. › Frič Origin Language(s) Czechized German (eastern Middle German dialects and Alemannic German) - Thuringian, Upper Saxon, Low Lusatian, Silesian Meaning derived from German: Friedrich Other names Variant(s) Fritsch, Fritzsch, Frycz, Fricz, Fryczyński, Frietsch, Fritsche, Fritzsche; Fritschi (Alemannic), Fritz, Fritze, Fritzel, Fritzl, Fritzke, Fritzen Frič is a Czechized German surname. Notable people with the surname include: Alberto Vojtěch Frič, Czech botanist Antonín Jan Frič (Fritsch) , Czech paleontologist Jaroslav Erik Frič, Czech poet Martin Frič, Czech film director, screenwriter and actor See also Fričovce (Hungarian: Frics ) .mw-parser-output table.dmboxclear:both;margin:0.9em 1em;border-top:1px solid #ccc;border-bottom:1px solid #ccc;background-color:transparent Surname list This page lists people with the surname Frič . If an internal link intending to refer to a specifi
Read more

Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

Image
Apollo command module space walk? prime numbers and expressing non-prime numbers Can a non-EU citizen traveling with me come with me through the EU passport line? Extract all GPU name, model and GPU ram How to deal with a team lead who never gives me credit? Why was the term "discrete" used in discrete logarithm? Why do we bend a book to keep it straight? When do you get frequent flier miles - when you buy, or when you fly? How come Sam didn't become Lord of Horn Hill? At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan? Is it true that "carbohydrates are of no use for the basal metabolic need"? Using et al. for a last / senior author rather than for a first author How to tell that you are a giant? How to react to hostile behavior from a senior developer? String `!23` is replaced with `docker` in command line How to find out what spells would be useless to a blind NPC sp
Read more