我想使用 iptables 过滤 tftp 客户端的 OUTPUT 包,但是失败了,你能帮助我吗?
我的规则:
iptables -A OUTPUT -m udp -p udp --dport 69 -j NFQUEUE
iptables -A OUTPUT -m string --algo kmp --string "nessus" -j NFQUEUE
客户端的OUTPUT包大多是这样的:
No. Time Source Destination Protocol Info
9 1.432738 192.168.9.76 192.168.9.114 TFTP Read Request, File: nessus713610685\000, Transfer type: netascii\000
Frame 9 (69 bytes on wire, 69 bytes captured)
Ethernet II, Src: Vmware_bc:00:59 (00:0c:29:bc:00:59), Dst: 60:a4:4c:34:bd:ac (60:a4:4c:34:bd:ac)
Internet Protocol, Src: 192.168.9.76 (192.168.9.76), Dst: 192.168.9.114 (192.168.9.114)
User Datagram Protocol, Src Port: 4239 (4239), Dst Port: tftp (69)
Source port: 4239 (4239)
Destination port: tftp (69)
Length: 35
Checksum: 0x3d14 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Trivial File Transfer Protocol
[Source File: nessus713610685]
Opcode: Read Request (1)
Source File: nessus713610685
Type: netascii