iptables string icase syntax

Discussion in 'Linux Networking' started by robbtek, May 28, 2012.

  1. robbtek

    robbtek New Member

    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    My system : CentOS 6.2 64bit and iptables-1.4.7-5.1

    I want use iptables string module to block some http request .
    I want to block some scan/attack like xss or sql-i :

    example : block request by insert <script> in form .


    My example syntax is :

    Code:
    iptables -I INPUT -p tcp --dport 80 -m string --string "<script>" --algo bm --icase -j DROP
    
    But dont work .

    I can use

    Code:
    iptables -I INPUT -p tcp --dport 80 -m string --string "script" --algo bm --icase -j DROP
    
    But is very restrictive .

    How can use string module and "--icase" with iptables to block request with specific string with ONE rule ?? .... example :

    Code:
    <script>
    <SCRIPT>
    <ScRiPt>
    <sCrIpT>
    ....
    
    thanks

Share This Page