iptables drop packet by hex string match

iptables tcpdump packet

Solution 1:

The hex string needs to be surrounded by | symbols. The spaces are optional

iptables --append INPUT --match string --algo kmp --hex-string '|f4 6d 04 25 b2 02 00 0a|' --jump ACCEPT

Note that string matching should be a last resort. It's intensive, and unreliable because it works on packets not connections. It also only starts working on the third packet in a TCP connection which limits what actions you can use (you can't NAT the connection for example).

Related

What does FTP Jailing mean, and what features does a server OS require in order to enable it?
Ubuntu installation can't detect hard drives
"open files" ulimit: controlling via limits.conf
ProLiant DL380 G7 won't boot, solid amber power LED
How to synchronize the clock of a windows server 2003 domain server?
Do Azure VMs have disk I/O limits?
Documenting server details
What counts as experience?
Allow anonymous upload for Vsftpd?
Why am I getting "write queue file: No space left on device" from postfix when there's 5GB of free space on disk?
root full Linux. No free blocks
How to clean up orphaned SID's in ACEs in AD?