Packet inspecting firewall with IPTables
Posted on 2004-08-23
Normally IPtables can filter according to where a packet is from, which port it is going to, etc. I wish to configure it in such a way that only if the "data" contained in the packet matches a specific sequence of bits (ASCII characters or hex), then IPtables will drop it.
This way, consider an ftp server:
- when a client connects, everything is normal
- but when this client uses the GLOB command, for example, that ASCII string will be carried in the packet
- and when it matches the rule (drop all packets that contain GLOB for the ftp port), then that packet will be dropped right away (it can also be logged)
I think it is possible because I have read about it somewhere else, but nothing was written on how to do this exactly.
Any correct (tested) configuration would be appreciated because I really wish to implement this feature...
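Added example, not part of the original post: a small POSIX shell helper that builds the iptables `-m string` LOG + DROP rule pair for the FTP/GLOB case described above. It assumes a Linux host whose kernel and iptables carry the `string` match module (xt_string / ipt_string); the function names, the `ftp-glob:` log prefix and the `DRY_RUN` variable are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes iptables with the
# "string" match module. Builds rules that drop TCP packets to a port whose
# payload contains a given pattern, logging them first.

# Print the two iptables commands for PORT, PATTERN and LOG_PREFIX.
# A pattern written as |47 4c 4f 42| is passed as --hex-string, anything
# else as a plain ASCII --string. Nothing is applied here.
string_filter_rules() {
    port=$1; pattern=$2; prefix=$3
    # Reject empty or non-numeric ports before emitting any rule.
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ -n "$pattern" ] || { echo "empty pattern" >&2; return 1; }
    case "$pattern" in
        \|*\|) opt=--hex-string ;;
        *)     opt=--string ;;
    esac
    # --algo bm selects Boyer-Moore search; ESTABLISHED restricts the match
    # to data packets of an existing connection, not the TCP handshake.
    common="-A INPUT -p tcp --dport $port -m state --state ESTABLISHED"
    common="$common -m string --algo bm $opt \"$pattern\""
    printf 'iptables %s -j LOG --log-prefix "%s"\n' "$common" "$prefix"
    printf 'iptables %s -j DROP\n' "$common"
}

# Apply the rules with sh -e; with DRY_RUN=1 they are only printed.
apply_string_filter() {
    rules=$(string_filter_rules "$@") || return 1
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    printf '%s\n' "$rules" | sh -e
}

# Example for the FTP case from the post (port 21, the string GLOB):
#   DRY_RUN=1; apply_string_filter 21 GLOB "ftp-glob: "
```

The match is a byte search inside each packet's payload, so a command split across two segments is not seen; treat it as a coarse filter and keep the LOG rule so hits are visible in the kernel log.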