[Bastille-linux-discuss] Blocking SoBig Virus Using Batille - Possible?

[Vernon W. <ve...@co...>]

Awhile back someone here was nice enough to provide some info on blocking 
certain IPs from my box using the block.sh file and the following:

if [ -n "${IPCHAINS}" ]; then 
       # using 2.2/ipchains or 2.4/ipchains, add ipchains rules 
       ${IPCHAINS} -A PUB_IN -s 12.41.53.22/32 -j ${REJECT_METHOD} 
fi 
if [ -n "${IPTABLES}" ]; then 
       # using 2.4/iptables, add iptables rules 
       ${IPTABLES} -A PUB_IN -s 12.41.53.22/32 -j ${REJECT_METHOD} 
fi

Somewhere I read that I can block the SoBig virus using IPtables so I rewrote 
the above to reflect the following:

iptables -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string -
-string "Subject: Your details" -j LOG --log-prefix "Anti-virus: Whatever" 
iptables -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m string -
-string "Subject: Your details" -j DROP

with:

if [ -n "${IPTABLES}" ]; then 
       # using 2.4/iptables, add iptables rules 
 ${IPTABLES} -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m 
string --string "Subject: Your details" -j LOG --log-prefix "Anti-virus: 
Whatever"
 ${IPTABLES} -A INPUT -p tcp -d 0/0 --dport 25 --tcp-flags ALL ACK,PSH -m 
string --string "Subject: Your details" -j ${REJECT_METHOD}
fi

But I get the following error:

iptables v1.2.8: Couldn't load match `string':/lib/iptables/libipt_string.so: 
cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

Someone else told be that I'd need to recomile IPtables to use the -m flag 
which I do not know how to do. The question I have is, does anyone know of a 
way to do it using the block.sh where I don't have to recompile?

Thanks