From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fabrice MARIE
Subject: Re: Filtering Nimda, Code Red and Code Red II
Date: Wed, 11 Sep 2002 17:58:56 +0800
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <200209111758.56593.fabrice@celestix.com>
References: <3D7EFBCF.70406@fugmann.dhs.org> <00a601c259ee$57f815c0$6500a8c0@systemsadmin>
Reply-To: fabrice@celestix.com
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
In-Reply-To: <00a601c259ee$57f815c0$6500a8c0@systemsadmin>
Errors-To: netfilter-admin@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: "Joe de Vera Jr." , netfilter@lists.netfilter.org

On Thursday 12 September 2002 07:52, Joe de Vera Jr. wrote:
> hello fellas,
> can i make use of the iptables scripting to disable the access pages... for
> example for code red it accesses the /default.ida page while in nimda /root.exe
> and cmd.exe
> is there a way to disallow this..
> thanks
> Joe

Hello,

You really shouldn't use iptables for such a purpose, as there is no clean
and proper way to do it in iptables. iptables is a packet filter.
What you need is a filtering application proxy, in your case a filtering
HTTP proxy. Read on in the mailing archive and the iptables FAQ if you want
to know the full details.

Have a nice day,

Fabrice.
--
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators"
                                -Unknown
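
Added example, not part of the original message and not code from the poster or the netfilter project: a sketch of the difference between matching strings in individual packets and checking the parsed request path the way a filtering HTTP proxy can. The function names, the sample requests and the fail-closed choice are assumptions made for illustration.

```python
from urllib.parse import unquote

# File names taken from the thread: Code Red requests /default.ida,
# Nimda requests root.exe and cmd.exe.
BLOCKED_NAMES = ("default.ida", "root.exe", "cmd.exe")

# Constructed sample: one request that TCP happened to deliver in two segments.
SEGMENTS = [b"GET /Defau", b"lt.IDA?a=1 HTTP/1.0\r\nHost: www.example.com\r\n\r\n"]
# Constructed sample: a harmless page whose name merely contains "cmd.exe".
BENIGN = b"GET /docs/cmd.exe.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"


def packet_matches(segment: bytes) -> bool:
    """What a per-packet string match sees: one payload, no HTTP context."""
    return any(name.encode() in segment for name in BLOCKED_NAMES)


def request_path(raw_request: bytes) -> str:
    """Return the decoded, lower-cased path of a complete HTTP request."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    target = parts[1].split("?", 1)[0]           # drop the query string
    return unquote(target, encoding="latin-1").lower()


def proxy_blocks(raw_request: bytes) -> bool:
    """Decision a filtering proxy can make once it holds the whole request."""
    try:
        path = request_path(raw_request)
    except ValueError:
        return True                              # assumption: fail closed
    return path.rsplit("/", 1)[-1] in BLOCKED_NAMES


if __name__ == "__main__":
    print("per-packet match on segments:", [packet_matches(s) for s in SEGMENTS])
    print("proxy blocks reassembled request:", proxy_blocks(b"".join(SEGMENTS)))
    print("per-packet match on benign page:", packet_matches(BENIGN))
    print("proxy blocks benign page:", proxy_blocks(BENIGN))
```

The per-packet matcher misses the split, mixed-case request and flags the harmless page, while the proxy-side check gets both right because it works on the reassembled and normalised path.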