6 May
2002
6 May
'02
11:09
Hello, I have installed Suse linux 8 and activated SuSEfirewall2. I would like to black http requests from Nimda/Code Red etc. infected hosts. With iptables this is supposed to be possible with something like iptables -A block -p tcp --dport http -m state --state NEW,ESTABLISHED,RELATED \ -m string --string "root.exe" -j LOG --log-prefix "Nimda virus " iptables -A block -p tcp --dport http -m state --state NEW,ESTABLISHED,RELATED \ -m string --string "root.exe" -j DROP Where would I put these commands in the configuration of SuSEfirewall2? Thanks for any help, Ruud