iptables packet data filtering firewall
Hello, I needs helpz0r!
Are there any good tutorials on how to create a firewall with iptables that examines the contents of a packet and drops those packets that match a certain pattern of bytes at a certain location from the beginning of the packet data, but forwards the rest of the packets that don't?
Similar to Winsock Packet Editor Pro Alpha (WPE) for Windows XP, where you can tell it to drop packets (for a chosen process) that have a certain string or given sequence of bytes found inside the packet data section at a given location... Example: a packet that has byte 0A on position 3 and byte FF on position 8 from the beginning - drop it!
However, WPE lacks features, so I'd like to have a Linux version with a few more features:
- some math - see if byte A matches sum of byte B and C
- check the length of packet data and see if it exceeds a given limit depending on what bytes the packet begins with
- etc.
To me this sounds like I only have to retrieve the packet data from iptables into a custom script I'm supposed to write, which then analyzes the packet and tells iptables that it is safe to forward it or to drop it.
I would need this so that I can safely host a server for an older PC game, because there are lots of hackers who keep crashing servers and doing other damage. I need it to block those attacks (yes, I know what the attack packets look like, the ports used and protocols).
Thanks in advance!
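The verdict logic such a custom script would need, as an added example that is not part of the original post: it takes the raw IPv4 packet a userspace queue (for instance the iptables NFQUEUE target) would hand over and applies the three kinds of rule described above. The UDP transport, 0-based payload offsets, the offsets used in the arithmetic rule, the length limits, the port and the function names are all assumptions; the queue binding itself is not shown.

```python
import struct

# Assumptions (not from the post): UDP transport, 0-based payload offsets,
# and these constructed length limits keyed by the first payload byte.
MAX_LEN = {0x01: 32, 0x02: 256}
DEFAULT_MAX_LEN = 512

def udp_payload(ip_packet):
    """Return the UDP payload of a raw IPv4 packet, or None if it does not parse."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 17 or len(ip_packet) < ihl + 8:
        return None                              # bad header, not UDP, or truncated
    (udp_len,) = struct.unpack_from("!H", ip_packet, ihl + 4)
    if udp_len < 8 or ihl + udp_len > len(ip_packet):
        return None                              # UDP length field exceeds the data
    return ip_packet[ihl + 8 : ihl + udp_len]

def verdict(ip_packet):
    """Return "DROP" or "ACCEPT" for one queued packet."""
    data = udp_payload(ip_packet)
    if data is None or len(data) < 4:
        return "DROP"                            # fail closed on anything unparseable
    # Pattern rule from the post: 0A at offset 3 and FF at offset 8.
    if data[3] == 0x0A and len(data) > 8 and data[8] == 0xFF:
        return "DROP"
    # Arithmetic rule (offsets assumed): byte 1 must equal byte 2 + byte 3, mod 256.
    if data[1] != (data[2] + data[3]) & 0xFF:
        return "DROP"
    # Length rule: the limit depends on the first payload byte.
    if len(data) > MAX_LEN.get(data[0], DEFAULT_MAX_LEN):
        return "DROP"
    return "ACCEPT"

def make_udp(payload, sport=40000, dport=27015):
    """Build a minimal IPv4/UDP packet (checksums zeroed) to exercise the rules."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

if __name__ == "__main__":
    # Constructed sample payloads: one well-formed, one matching the byte pattern.
    for s in (bytes([1, 5, 2, 3]), bytes([1, 12, 2, 10, 0, 0, 0, 0, 0xFF])):
        print(s.hex(), verdict(make_udp(s)))
```

Only the game port's traffic should be sent to the queue, so that unrelated packets never reach the fail-closed branch.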