could someone help to make iptables to drop all the packets with length 1006?
Example: 18:33:18.964261 IP 74.209.87.132.3054 > 126.220.67.183.13806: UDP, length 1006
Asked
Active
Viewed 6,720 times
1 Answers
4
You should use the length match. It supports the range of length.
To drop all udp packets with length 1006 bytes:
iptables -I INPUT -p udp -m length --length 1006 -j DROP
P.S.
- The
iptables -m length --helpshows the brief help of thelengthmatch. - Read the iptables tutorial to understand of the basics.
- Other rules and order of the rules are very important.
- Better use the
iptables-applyto safe change of the rule set (read the man). - To troubleshoot check the rule counters.
- The tcpdump captures incoming packets before the iptables.
Anton Danilov
- 5,082
- 2
- 13
- 23
-
and how I can do if 74.209.87.132 is always changing? – alfredogoncalves Jul 20 '19 at 19:48
-
I've updated the answer. – Anton Danilov Jul 20 '19 at 20:25
-
Hi my friend, I have one more question, please This is the output of tcpdump port
: 18:33:18.964261 IP 74.209.87.132.3054 > 126.220.67.183.13806: UDP, length 1006 The packet length is actually 1006? I have read on the internet this output does not show correct udp packet length – alfredogoncalves Nov 06 '19 at 00:02