I want to use iptables to filter the TFTP client's OUTPUT packets, but it fails. Can you help me?
My rules:
iptables -A OUTPUT -m udp -p udp --dport 69 -j NFQUEUE
iptables -A OUTPUT -m string --algo kmp --string "nessus" -j NFQUEUE
Most of the client's OUTPUT packets look like this:
No. Time Source Destination Protocol Info
9 1.432738 192.168.9.76 192.168.9.114 TFTP Read Request, File: nessus713610685\000, Transfer type: netascii\000

Frame 9 (69 bytes on wire, 69 bytes captured)
Ethernet II, Src: Vmware_bc:00:59 (00:0c:29:bc:00:59), Dst: 60:a4:4c:34:bd:ac (60:a4:4c:34:bd:ac)
Internet Protocol, Src: 192.168.9.76 (192.168.9.76), Dst: 192.168.9.114 (192.168.9.114)
User Datagram Protocol, Src Port: 4239 (4239), Dst Port: tftp (69)
    Source port: 4239 (4239)
    Destination port: tftp (69)
    Length: 35
    Checksum: 0x3d14 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Trivial File Transfer Protocol
    [Source File: nessus713610685]
    Opcode: Read Request (1)
    Source File: nessus713610685
    Type: netascii
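Added example (not code from the poster): a small Python parser that rebuilds the TFTP read request shown in the dissection above and checks it against what the two OUTPUT rules are meant to catch. The packet bytes are constructed from the capture, and `matches_rules` is a hypothetical helper that only approximates the iptables `udp --dport 69` and `string --string "nessus"` matches; it does not talk to netfilter.

```python
import struct

# Constructed from the dissection in the question: opcode 1 (RRQ),
# filename "nessus713610685" and mode "netascii", each NUL-terminated.
# Length 27 bytes matches the UDP Length of 35 minus the 8-byte UDP header.
SAMPLE_RRQ = struct.pack("!H", 1) + b"nessus713610685\x00" + b"netascii\x00"
TFTP_PORT = 69
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}


def parse_tftp_request(payload: bytes) -> dict:
    """Parse a TFTP read/write request (RFC 1350): opcode, filename, mode."""
    if len(payload) < 4:
        raise ValueError("payload too short for a TFTP request")
    opcode = struct.unpack("!H", payload[:2])[0]
    if opcode not in (1, 2):
        raise ValueError(f"not a request packet: opcode {opcode}")
    # Filename and mode are NUL-terminated strings; a well-formed request
    # therefore splits into at least [filename, mode, b""].
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("filename or mode not NUL-terminated")
    return {
        "opcode": OPCODES[opcode],
        "filename": fields[0].decode("ascii", "replace"),
        "mode": fields[1].decode("ascii", "replace").lower(),
    }


def matches_rules(dport: int, payload: bytes, needle: bytes = b"nessus") -> list:
    """Hypothetical approximation of the two OUTPUT rules in the question.

    Returns which rule(s) would fire for a UDP datagram with destination
    port `dport` and the given payload. The string rule has no -p udp,
    so it is checked regardless of port.
    """
    hits = []
    if dport == TFTP_PORT:
        hits.append("udp dport 69")
    if needle in payload:
        hits.append("string match")
    return hits


if __name__ == "__main__":
    print(parse_tftp_request(SAMPLE_RRQ))
    print(matches_rules(TFTP_PORT, SAMPLE_RRQ))
```

Note that per RFC 1350 only the initial RRQ/WRQ is sent to port 69; the server answers from a freshly chosen port and the client's later ACKs go there, so a `--dport 69` rule sees one packet per transfer, while the string rule also has to match the filename (or another payload string) in those later packets.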