  • Filtering strings with iptables

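    1. Enable iptables

    iptables -P OUTPUT ACCEPT       ### set the OUTPUT chain's default policy to ACCEPT

    service iptables save                            ### save the rules

    ### Mind the order in which you run the commands, so that you do not lock yourself out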

    2. Enable iptables at boot

    chkconfig iptables on

    3. Set the strings to block

    iptables -A INPUT -m string --algo kmp --string "8dVHYFDfVEvoCBkxpmcqfBiTlhnJPPXOZKPQJCEeCZzUZWqPggeOMUVrk" -j DROP

    iptables -A INPUT -m string --algo bm --string "8dVHYFDfVEvoCBkxpmcqfBiTlhnJPPXOZKPQJCEeCZzUZWqPggeOMUVrk" -j DROP

    iptables  -I   INPUT   -p   all   -s x.x.x.x  -j   DROP ### x.x.x.x is the IP address

    ### "8dVHYFDfVEvoCBkxpmcqfBiTlhnJPPXOZKPQJCEeCZzUZWqPggeOMUVrk" is the string to block

    ### iptables -t raw -A PREROUTING -p udp --dport 53 -m string --algo bm --hex-string "|hexadecimal encoding of the target domain name|" -j DROP   (hexadecimal)

    4. Save the rules

    service iptables save
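
The commented-out rule in step 3 needs the domain name in hexadecimal. The following added example (not from the original post) builds that pattern in DNS wire format and prints the rule instead of applying it; the function names and the sample name example.com are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. A DNS query carries the name in
# wire format: every label is prefixed by one length byte and the name ends
# with a zero byte, so "example.com" never appears as dotted text on the wire.

# dns_hex_string NAME: print NAME as an iptables --hex-string pattern.
dns_hex_string() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # the match is byte-exact
    name=${name%.}                              # drop a trailing root dot
    case $name in
        ''|.*|*.|*..*|*[!a-z0-9._-]*)           # empty name/label or odd byte
            echo "invalid name: $1" >&2; return 1 ;;
    esac
    out=
    old_ifs=$IFS
    IFS=.
    set -f                                      # no globbing while splitting
    for label in $name; do
        if [ "${#label}" -gt 63 ]; then         # DNS label length limit
            IFS=$old_ifs; set +f
            echo "label too long in: $1" >&2; return 1
        fi
        # one length byte, then the label's ASCII bytes in hex
        bytes=$(printf '%s' "$label" | od -An -v -tx1 | tr '\n' ' ' | tr -s ' ')
        bytes=${bytes# }; bytes=${bytes% }
        out="$out$(printf '%02x' "${#label}") $bytes "
    done
    IFS=$old_ifs; set +f
    printf '|%s00|\n' "$out"                    # terminating root label
}

# dns_drop_rule NAME: print (do not apply) the DNS rule from step 3.
dns_drop_rule() {
    pattern=$(dns_hex_string "$1") || return 1
    printf 'iptables -t raw -A PREROUTING -p udp --dport 53 -m string --algo bm --hex-string "%s" -j DROP\n' "$pattern"
}

dns_drop_rule example.com   # constructed sample name
```

Because the pattern ends with the zero byte, it also matches queries for subdomains of the name. It does not match a query sent with different letter case.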

      Erasing    : libvirt-devel-0.10.2-18.el6.i686                                                                                                  1/5
      Erasing    : libvirt-java-devel-0.4.9-1.el6.noarch                                                                                             2/5
      Erasing    : libvirt-java-0.4.9-1.el6.noarch                                                                                                   3/5
      Erasing    : libvirt-client-0.10.2-18.el6.i686                                                                                                 4/5
      Erasing    : nc-1.84-24.el6.i686                                                                                                               5/5
      Verifying  : libvirt-java-devel-0.4.9-1.el6.noarch                                                                                             1/5
      Verifying  : libvirt-devel-0.10.2-18.el6.i686                                                                                                  2/5
      Verifying  : nc-1.84-24.el6.i686                                                                                                               3/5
      Verifying  : libvirt-client-0.10.2-18.el6.i686                                                                                                 4/5
      Verifying  : libvirt-java-0.4.9-1.el6.noarch                        
     
     yum -y install libvirt-devel-0.10.2-18.el6.i686 libvirt-java-devel-0.4.9-1.el6.noarch libvirt-java-0.4.9-1.el6.noarch libvirt-client-0.10.2-18.el6.i686
     
     wget ftp://rpmfind.net/linux/Mandriva/official/2008.0/i586/media/main/release/nc-1.10-26mdv2008.0.i586.rpm
     
     
    #iptables
    iptables  -I   INPUT   -p   all   -s 58.54.199.2   -j   DROP
     
    ####①-
    -A INPUT -m string --string "8dVHYFDfVEvoCBkxpmcqfBiTlhnJPPXOZKPQJCEeCZzUZWqPggeOMUVrk" --algo kmp --to 65535 -j DROP
    -A INPUT -m string --string "NODPxbCNkzQSLLjXeaBJqhDGMytfHievkLZBVYgVOTuMdiIwkilyClCLnURJIpOkBYrbocDAweGpUAxaU" --algo kmp --to 65535 -j DROP
    -A INPUT -m string --string "8dVHYFDfVEvoCBkxpmcqfBiTlhnJPPXOZKPQJCEeCZzUZWqPggeOMUVrk" --algo bm --to 65535 -j DROP
    -A INPUT -m string --string "NODPxbCNkzQSLLjXeaBJqhDGMytfHievkLZBVYgVOTuMdiIwkilyClCLnURJIpOkBYrbocDAweGpUAxaU" --algo bm --to 65535 -j DROP


    ####②-SYN_RECV 


    iptables -N syn-flood 

    iptables -A INPUT -p tcp --syn -j syn-flood

    iptables -A syn-flood  -p tcp -m limit --limit 2/s --limit-burst 50 -j RETURN

    iptables -A syn-flood -j DROP

    ###③-MZ1{S@MZ1{S@

    iptables -A INPUT -m string --string "MZ1{S@MZ1{S@" --algo kmp --to 65535 -j DROP
    iptables -A INPUT -m string --string "MZ1{S@MZ1{S@" --algo bm --to 65535 -j DROP


    218.85.139.248 9977

    iptables -N syn-flood
    iptables -A FORWARD -p tcp --syn -j syn-flood
    iptables -A INPUT -p tcp --syn -j syn-flood
    iptables -A syn-flood -p tcp --syn -m limit --limit 3/s --limit-burst 1 -j ACCEPT
    iptables -A syn-flood -j DROP
    iptables -A INPUT -i eth4 -p tcp ! --syn -m state --state NEW -j DROP
    iptables -A INPUT -p tcp --syn -m state --state NEW -j DROP


    iptables -A INPUT -p tcp --dport 10000 -m recent --name BAD_HTTP_ACCESS --update --seconds 60 --hitcount 30 -j REJECT
    iptables -A INPUT -p tcp --dport 10000 -m recent --name BAD_HTTP_ACCESS --set -j ACCEPT

    iptables -A INPUT -m string --algo bm --hex-string "|00 00 25 9a 00 00 00 00 00 00 00 00|" -j DROP
    iptables -A INPUT -m string --algo kmp --hex-string "|00 00 25 9a 00 00 00 00 00 00 00 00|" -j DROP

  • Original article: https://www.cnblogs.com/flyback/p/7736274.html