[Bastille-linux-discuss] Blocking SoBig Virus Using Bastille - Possible?
From: Vernon W. <ve...@co...> - 2003-09-09 02:19:46
A while back someone here was nice enough to provide some info on blocking certain IPs from my box using the block.sh file and the following:

    if [ -n "${IPCHAINS}" ]; then
        # using 2.2/ipchains or 2.4/ipchains, add ipchains rules
        ${IPCHAINS} -A PUB_IN -s 12.41.53.22/32 -j ${REJECT_METHOD}
    fi
    if [ -n "${IPTABLES}" ]; then
        # using 2.4/iptables, add iptables rules
        ${IPTABLES} -A PUB_IN -s 12.41.53.22/32 -j ${REJECT_METHOD}
    fi

Somewhere I read that I can block the SoBig virus using IPtables, so I rewrote the above to reflect the following:

    iptables -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string --string "Subject: Your details" -j LOG --log-prefix "Anti-virus: Whatever"
    iptables -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string --string "Subject: Your details" -j DROP

with:

    if [ -n "${IPTABLES}" ]; then
        # using 2.4/iptables, add iptables rules
        ${IPTABLES} -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string --string "Subject: Your details" -j LOG --log-prefix "Anti-virus: Whatever"
        ${IPTABLES} -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string --string "Subject: Your details" -j ${REJECT_METHOD}
    fi

But I get the following error:

    iptables v1.2.8: Couldn't load match `string':/lib/iptables/libipt_string.so: cannot open shared object file: No such file or directory
    Try `iptables -h' or 'iptables --help' for more information.

Someone else told me that I'd need to recompile IPtables to use the -m flag, which I do not know how to do. The question I have is, does anyone know of a way to do it using the block.sh where I don't have to recompile?

Thanks
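
The error in the post means the userspace library for the string match is not installed. As an added example (not part of the original post and not Bastille's own code), a block.sh fragment can test for that library before appending the rules, so a missing extension is reported instead of aborting the script. The helper names `have_ipt_match`, `ipt` and `add_string_block` and the `IPT_LIBDIR` variable are hypothetical; the directory default is taken from the error message.

```shell
# Added example for block.sh; not Bastille code.
# have_ipt_match, ipt, add_string_block and IPT_LIBDIR are hypothetical names.
# The default directory is the one named in the error message.
IPT_LIBDIR="${IPT_LIBDIR:-/lib/iptables}"

# True only when the userspace library for match "$1" is installed.
# This covers the iptables binary only; the running kernel must also
# provide the string match for the rule to load.
have_ipt_match() {
    [ -r "${IPT_LIBDIR}/libipt_$1.so" ]
}

# Run iptables when block.sh has set IPTABLES; otherwise print the
# command (dry run) so the rules can be reviewed first.
ipt() {
    if [ -n "${IPTABLES}" ]; then
        "${IPTABLES}" "$@"
    else
        echo "iptables $*"
    fi
}

# Log, then reject, SMTP segments containing the string "$1".
# Returns 1 without touching the ruleset when the match is missing.
add_string_block() {
    if ! have_ipt_match string; then
        echo "block.sh: no libipt_string.so in ${IPT_LIBDIR}, rule skipped" >&2
        return 1
    fi
    ipt -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH \
        -m string --string "$1" \
        -j LOG --log-prefix "Anti-virus: Whatever" || return 1
    ipt -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH \
        -m string --string "$1" \
        -j ${REJECT_METHOD:-DROP}
}
```

Called as `add_string_block "Subject: Your details"`, it prints the two rules when `IPTABLES` is empty and applies them when block.sh has set it.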