Topic: iptables string icase syntax

robbtek
« on: May 28, 2012, 10:20:10 AM »
My system: CentOS 6.2 64-bit and iptables-1.4.7-5.1

I want to use the iptables string module to block some HTTP requests.
I want to block some scans/attacks like XSS or SQLi:

Example: block requests that insert <script> in a form.

My example syntax is:

Code:
iptables -I INPUT -p tcp --dport 80 -m string --string "<script>" --algo bm --icase -j DROP

But it doesn't work.

I can use

Code:
iptables -I INPUT -p tcp --dport 80 -m string --string "script" --algo bm --icase -j DROP

But it is very restrictive.

How can I use the string module and "--icase" with iptables to block requests containing a specific string with ONE rule? Example:

Code:
<script>
<SCRIPT>
<ScRiPt>
<sCrIpT>
....

thanks
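
Added illustration, not part of the original post: the string match is a fixed-string search over the payload bytes of each packet, and a form submitted as application/x-www-form-urlencoded carries `<` and `>` as `%3C` and `%3E`. The script uses `grep -i -F` as a stand-in for `--icase` matching; `payload_matches`, `report` and the two request bodies are hypothetical names and constructed data.

```shell
#!/bin/sh
# Emulate what "-m string --string PATTERN --icase" compares: a
# case-insensitive fixed-string search over raw payload bytes.
# grep -F -i stands in for the kernel matcher (assumption for illustration).

# payload_matches PATTERN PAYLOAD -> exit status 0 if PATTERN occurs in PAYLOAD
payload_matches() {
    printf '%s' "$2" | grep -q -i -F -e "$1"
}

# Constructed form bodies as they would appear on the wire.
RAW_BODY='comment=<sCrIpT>hello</sCrIpT>'            # bytes sent unencoded
ENC_BODY='comment=%3CScRiPt%3Ehello%3C%2FScRiPt%3E'  # percent-encoded by the form submit

# report PATTERN: show which constructed body the pattern would hit
report() {
    for body in "$RAW_BODY" "$ENC_BODY"; do
        if payload_matches "$1" "$body"; then verdict=MATCH; else verdict=miss; fi
        printf '%-14s %-5s %s\n' "$1" "$verdict" "$body"
    done
}

report '<script>'       # hits only the unencoded body
report 'script'         # hits both, and any other payload containing the word
report '%3Cscript%3E'   # hits only the percent-encoded body
```

Because the match looks at one packet at a time and only at plaintext bytes, it does not see a string split across TCP segments or anything sent over HTTPS.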