iptables 过滤 tftp 的 caps 失败

iptables 过滤 tftp 的 caps 失败

我想使用 iptables 过滤 tftp 客户端的 OUTPUT 包,但是失败了,你能帮助我吗?

我的规则:

iptables -A OUTPUT -m udp -p udp --dport 69 -j NFQUEUE
iptables -A OUTPUT -m string --algo kmp --string "nessus" -j NFQUEUE

客户端的OUTPUT包大多是这样的:

No.     Time        Source                Destination           Protocol Info
      9 1.432738    192.168.9.76          192.168.9.114         TFTP     Read Request, File: nessus713610685\000, Transfer type: netascii\000
Frame 9 (69 bytes on wire, 69 bytes captured)
Ethernet II, Src: Vmware_bc:00:59 (00:0c:29:bc:00:59), Dst: 60:a4:4c:34:bd:ac (60:a4:4c:34:bd:ac)
Internet Protocol, Src: 192.168.9.76 (192.168.9.76), Dst: 192.168.9.114 (192.168.9.114)
User Datagram Protocol, Src Port: 4239 (4239), Dst Port: tftp (69)
    Source port: 4239 (4239)
    Destination port: tftp (69)
    Length: 35
    Checksum: 0x3d14 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Trivial File Transfer Protocol
    [Source File: nessus713610685]
    Opcode: Read Request (1)
    Source File: nessus713610685
    Type: netascii

相关内容