
Packet Filtering..? Updated

Discussion in 'HyperWRT Firmware' started by Darkman_1969, Jan 16, 2005.

  1. Darkman_1969

    Darkman_1969 Network Guru Member

    I am looking for a way I can filter packets by HEX string. I would like to block packets containing a defined string. Is this possible with HyperWRT?

    I need to do something like the following.

    If packet from *.*.*.*:5515 contains 0D:00:0D:00:0D then block, else allow.

    I have tried the following but the router won't accept it. Can anyone help me out here?

    iptables -I advgrp_2 -j logdrop -sport 5515 -m webstr --content 0D:00:0D:00:0D
     
  2. Darkman_1969

    Darkman_1969 Network Guru Member

    OK, here are things as they stand now.

    I found that the following is accepted.

    /usr/sbin/iptables -I FORWARD -p tcp --dport 5515 -m webstr --content 0D:00:0D:00:0D -j DROP

    My only question is what is the correct syntax for the string?

    Is it,
    0D:00:0D:00:0D
    or
    "0D:00:0D:00:0D"
    or
    "0D000D000D"
    or
    0D000D000D

    Any help on this would be great as I can't find any info on the correct usage of HEX strings.

    Thanks.
     
  3. sillygoose

    sillygoose Network Guru Member

    try
    /usr/sbin/iptables -I FORWARD -p tcp --dport 5515 -m string --hex-string "|0D 00 0D 00 0D|" -j DROP
     
  4. Darkman_1969

    Darkman_1969 Network Guru Member

    Thanks sillygoose,
    It works now, but I had to reflash to Alchemy-LoneWolf for it to work.

    Regards
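
The pattern syntax from sillygoose's reply, as an added example that is not part of the original thread: a simplified Python model of how a `--hex-string` pattern is decoded (bytes between `|` are hex pairs, text outside is literal ASCII), showing why the un-piped spellings from the question compare against ASCII characters rather than the raw bytes. The function names and sample payloads are constructed for illustration.

```python
# Added example: simplified model of how iptables' string match decodes a
# --hex-string pattern. Function names and payloads are constructed.

def decode_hex_string(pattern: str) -> bytes:
    """Decode an iptables-style --hex-string pattern into raw bytes.

    Text between | ... | is read as hex byte pairs (spaces ignored);
    text outside the pipes is taken literally as ASCII.
    """
    out = bytearray()
    in_hex = False
    digits = ""
    for ch in pattern:
        if ch == "|":
            if in_hex and digits:
                raise ValueError("odd number of hex digits before '|'")
            in_hex = not in_hex
        elif in_hex:
            if ch == " ":
                continue
            if ch not in "0123456789abcdefABCDEF":
                raise ValueError(f"invalid hex digit {ch!r}")
            digits += ch
            if len(digits) == 2:
                out.append(int(digits, 16))
                digits = ""
        else:
            out.append(ord(ch))
    if digits:
        raise ValueError("odd number of hex digits at end of pattern")
    return bytes(out)


def rule_matches(pattern: str, payload: bytes) -> bool:
    """True if the decoded pattern occurs anywhere in the payload."""
    return decode_hex_string(pattern) in payload


# Constructed payloads: one carries the raw bytes 0D 00 0D 00 0D, one does not.
BINARY_PAYLOAD = b"\x01\x02\x0d\x00\x0d\x00\x0d\xff"
BENIGN_PAYLOAD = b"hello\r\nworld"

if __name__ == "__main__":
    for candidate in ("|0D 00 0D 00 0D|", "0D:00:0D:00:0D", "0D000D000D"):
        print(f"{candidate!r:22} -> {decode_hex_string(candidate)!r:32} "
              f"matches binary payload: {rule_matches(candidate, BINARY_PAYLOAD)}")
```

On current iptables builds the string match also requires an `--algo bm` or `--algo kmp` argument alongside `--hex-string`.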
     
