iptables: match only the first packet of established TCP-connection

iptables tcp

Solution 1:

Forget IPTables. You can simply use mod_security with nolog action. Something like this (untested):

SecRule REQUEST_URI "^/w00tw00t\.at\.ISC\.SANS\.DFind" phase:1,nolog,deny,id:1000

Or you can create a dummy virtualhost with separate logs, which just denies all requests and configure it as first. Clients which would not provide a hostname or provide unknown hostname would always end there.

Related

Can Linux do conditional judgment to insert the content at a certain line in Linux
How can I get APT to "ignore" a package?
Docker Compose returns error "networks have overlapping IPv4"
UIView's frame, bounds, center, origin, when to use what?
How to dynamically load reducers for code splitting in a Redux application?
What is N-Tier architecture?
Is it good practice to make the constructor throw an exception? [duplicate]
Maven project.build.directory
WPF chart controls [closed]
Negation in Python
How to filter git diff based on file extensions?
Should try...catch go inside or outside a loop?