iptables：使用 -m u32 函數時如何呈現“不等於/匹配”

Question

-m u32命令列部分指定模組。該--u32部分指定實際的表達式。因此，您正在尋找的語法是：

iptables -A INPUT -p tcp --dport 1000 -m u32 ! --u32 "xxxxxxxxxxx=0x11" -j REJECT

另請參閱iptables 擴充手冊頁，摘錄如下：

 u32
       U32 tests whether quantities of up to 4 bytes extracted from a
       packet have specified values. The specification of what to
       extract is general enough to find data at given offsets from
       tcp headers or payloads.

       [!] --u32 tests
              The argument amounts to a program in a small language described below.

Answer 1

-m u32命令列部分指定模組。該--u32部分指定實際的表達式。因此，您正在尋找的語法是：

iptables -A INPUT -p tcp --dport 1000 -m u32 ! --u32 "xxxxxxxxxxx=0x11" -j REJECT

另請參閱iptables 擴充手冊頁，摘錄如下：

 u32
       U32 tests whether quantities of up to 4 bytes extracted from a
       packet have specified values. The specification of what to
       extract is general enough to find data at given offsets from
       tcp headers or payloads.

       [!] --u32 tests
              The argument amounts to a program in a small language described below.

iptables：使用 -m u32 函數時如何呈現“不等於/匹配”

答案1

相關內容