So I'm trying to set up iptables to block something very specific. I've found a few examples of how this can be done using the iptables string module, but I want to find an interface capable of utilising the string module.
So far I've tried the most common interface and found it extremely functional and easy to use; however, I find no documentation to explain how the "Additional IPtables modules" section of the rules works, and I think this is where you can use the string module.
So for example, let's say I'm trying to block a packet that contains "Kittens be fluffeh". Could this be accomplished via this interface?
Anything in that field would be added to iptables with the "-m" flag.
The IPTables interface in Webmin really isn't that good. While it may be easy to use, it doesn't implement all IPTables functionality and makes it hard or impossible to write more advanced IPTables stacks.
It also loves to mangle the existing stack, or stacks that you can import because it's missing features. I have a 600 line IPTables firewall/router script that I tried to import into Webmin and it completely failed. I also tried to make it by hand (which took hours) and it still refused to work correctly.
You can easily do the same thing in bash with more flexibility, assuming you know the flags (if not, MAN is helpful.)
Here's an example:
iptables -I INPUT 1 -p tcp -m string --string "Kittens be fluffeh" --algo kmp -j DROP
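Added example, not part of the thread: a small POSIX shell wrapper around the string-match rule shown above that validates the algorithm and pattern length and uses `iptables -C` so re-running a firewall script does not stack duplicate rules. The helper name `add_string_drop` and the `IPTABLES` override variable are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added example: insert a string-match DROP rule only if it is not already there.
# IPTABLES may be overridden (for example with ip6tables); the name is an assumption.
IPTABLES=${IPTABLES:-iptables}

add_string_drop() {
    chain=$1 proto=$2 pattern=$3 algo=${4:-kmp}

    # The string match accepts exactly two search algorithms.
    case $algo in
        bm|kmp) ;;
        *) echo "algo must be bm or kmp" >&2; return 2 ;;
    esac
    # iptables rejects patterns longer than 128 bytes; ${#pattern} counts
    # characters, which equals bytes for ASCII patterns.
    if [ -z "$pattern" ] || [ "${#pattern}" -gt 128 ]; then
        echo "pattern must be 1-128 bytes" >&2; return 2
    fi

    # Build the rule once so the check and the insert use identical arguments.
    # Quoting "$pattern" keeps embedded spaces as a single argument.
    set -- -p "$proto" -m string --string "$pattern" --algo "$algo" -j DROP

    # -C (check) exits 0 when an identical rule already exists in the chain.
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        echo "rule already present in $chain"
        return 0
    fi
    "$IPTABLES" -I "$chain" 1 "$@"
}

# Runs only when called with arguments, e.g. as root:
#   sh add_string_drop.sh INPUT tcp "Kittens be fluffeh" kmp
[ $# -eq 0 ] || add_string_drop "$@"
```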