How to block packets with certain terms
 

I am in need of help. There is this person I want to block from my network that uses a email address annoyinguy@email.com . His Msn also uses the same email.

My linux box is my networks firewall (gentoo iptables). Becuase email and msn isnt encrypted, Is it possible to block him by filtering all packets containing annoyingguy? Can I use iptables to do this?

- sen

Re: How to block packets with certain terms
 

You can't do this with just pure iptables/netfilter, because iptables doesn't understand the protocols being used above the TCP layer (e.g. POP3, IMAP, HTTP, etc.). In order to do what you want to do, you need to use a filtering proxy. This link explains the difference: http://www.burningvoid.com/iaq/fwalltype.php

Even if you block those packets, it would make it impossible to download your email if it contains it in there. It would interrupt the TCP connection with your server (or the msn server) causing it to be reset.

Use protocol-based filtering.

Thats a good point about it resetting. Wow that leaves me at a loss. Ive heard of packet injecting which seems similar to this idea. Would it be possible to filter his packet by just changing the contents of his message? so it would be a blank email or msn msg?

Well, then you have to take into account that an email can (and generally will) span more than one packet. And conversely, multiple emails can be in the same packet (when you receive over IMAP/POP, not SMTP). And of course, you'd need to adjust checksums and so forth.

Is it a POP3 account? Maybe you could use something like PopWash (http://www.dr-baum.net/popwash/ ) to find and delete his mails before downloading?